{"id":4845,"date":"2005-05-13T10:03:35","date_gmt":"2005-05-13T08:03:35","guid":{"rendered":"https:\/\/destinationcyber.com\/?p=4845"},"modified":"2005-05-13T10:03:35","modified_gmt":"2005-05-13T08:03:35","slug":"firefox-1-0-4-dans-les-bacs","status":"publish","type":"post","link":"https:\/\/destinationcyber.com\/?p=4845","title":{"rendered":"Firefox 1.0.4 dans les bacs"},"content":{"rendered":"<p class=\"post_excerpt\">Rien \u00e0 dire: le Panda rouge est tr\u00e8s r\u00e9actif <\/p>\n<p>Comme pr\u00e9vu, la Fondation Mozilla a mis en ligne une mise \u00e0 jour critique de son navigateur (v1.0.4) ainsi que de la Mozilla Suite (v1.7.8), quatre jours seulement apr\u00e8s la d\u00e9couverte de deux m\u00e9chantes failles. Saluons encore une fois la r\u00e9activit\u00e9 de la communaut\u00e9 et de la Fondation. Une r\u00e9activit\u00e9 qui fait horriblement d\u00e9faut \u00e0 Internet Explorer. Et qui lui co\u00fbte des parts de march\u00e9.<\/p>\n<p>Selon le site de veille FrSIRT, le premier probl\u00e8me r\u00e9sulte d&rsquo;une erreur de validation d&rsquo;entr\u00e9es pr\u00e9sente au niveau de la gestion des urls \u00ab\u00a0javascript:\u00a0\u00bb incluses avec les pseudo-protocoles \u00ab\u00a0view-source:\u00a0\u00bb et \u00ab\u00a0jar:\u00a0\u00bb. La faille pourrait \u00eatre exploit\u00e9e via un site web malicieux afin de conduire des attaques par Cross Site Scripting et ex\u00e9cuter des commandes arbitraires. <\/p>\n<p>La seconde vuln\u00e9rabilit\u00e9 est due \u00e0 une erreur pr\u00e9sente au niveau de la gestion des objets Javascript eval et Script qui sont ex\u00e9cut\u00e9s avec des privil\u00e8ges \u00e9lev\u00e9s. Elle pourrait \u00eatre exploit\u00e9e par un attaquant distant afin de compromettre un syst\u00e8me vuln\u00e9rable. <\/p>\n<p>Comme d&rsquo;habitude, rendez-vous sur le site de la Fondation pour t\u00e9l\u00e9charger les derni\u00e8res versions.<\/p>\n<p>[source &#8211; Silicon.fr]&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Rien \u00e0 dire: le Panda rouge est tr\u00e8s r\u00e9actif <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_citadela_custom_class":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-4845","post","type-post","status-publish","format-standard","hentry","category-securite"],"_links":{"self":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/posts\/4845","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4845"}],"version-history":[{"count":0,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/posts\/4845\/revisions"}],"wp:attachment":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}