It appears there is a new Mozilla Firefox based exploit around which (as these demos shown) can be utilised to practically run anything on your computer.
However, the reason I’ve added “sortof” is that Firefox doesn’t actually trigger the exploit itself – another browser (such as Internet Explorer) has to go to a URL starting firefoxurl:// which is then passed to the command line version of Firefox which then starts the exploit. Therefore, even if you just have Firefox installed (but not in use), you are at risk.
So how can you fix this? Secunia advises you to “Do not browse untrusted sites” (yep, like that is easy – especially with third party advertisements on “trusted sites”), and also to disable the “Firefox URL” URI handler. But how do you do this?
It’s reasonably simple:
Open Windows Exporer (not Internet Explorer) and from the Tools menu select “Folder Options” menu. On the dialog that appears select the “File Types” tab.
Now in the list of registered file types find the one that says:
“(NONE)” for extension and “Firefox URL” for file type
Select it and click on delete button to delete it.
Click on “OK” to close the “Folder Options” dialog.
If the delete button is greyed out, click it anyway, click [Advanced], [Remove], Sure? [yes].
News: Daily Mail: Bank Holiday Traffic
As I’m in the process of slowing shutting down other sites I’ve worked on (due to time constraints), I’m reposting them here. Here’s an article from the 3rd of May 2007 from “Treble R News” which was going to be a Register-esque general news site.
The Daily Mail has got an exclusive for you today – the shocking news is that on this bank holiday there will be “mayhem on the roads” with big traffic jams expected.
The traffic on the M25 is meant to be a “congestion hotspot”.
Wow – thanks Daily Mail, you know, I wouldn’t have thought about the roads would be busy just before a bank holiday weekend and the M25 – knowing how quiet it is normally (yep, that’s sarcasm) – being a congestion hotspot!