阅读:1772回复:1
从来不转新闻,这次也玩个新鲜,转一贴<一攻击代码惊现互联网 波及三
http://www.cnetnews.com.cn/news/net/sto ... 062,00.htm
CNET科技资讯网(原ZDNet China新闻频道)原创文章版权所有,未经许可严禁转载,且不构成投资建议。 不能转载,所以只给链接。 这种代码仍然利用了早已修复的IDN漏洞,所以Mozilla敦促用户尽快升级到最新版,即Firefox 1.0.7和Mozilla 1.7.12,它们已经修复了这个漏洞。而基于Firefox的Aol Netscape目前尚未修复。 |
|
|
1楼#
发布于:2005-09-27 12:36
之前看過,升級 1.07 是絕對有需要。
washingtonpost.com weblog Security Fix is reporting that an exploit for a Mozilla security bug has been released. The PwnZilla 5 code takes advantage of the international domain name (IDN) link buffer overflow flaw, details of which were published earlier this month. The weblog post says that the exploit code "could let attackers take complete control over computers cruising the Web with unpatched versions of the Firefox Internet browser". Previous public exploits for the vulnerability have been basic proof-of-concepts that simply crash the browser. |
|
|