matunga
join:2003-07-26
3 edits |  Foxit Reader Firefox Plugin Memory Corruption Vulnerability
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
A vulnerability has been discovered in Foxit Reader plug-in for Firefox, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the Foxit Reader plugin for Firefox (npFoxitReaderPlugin.dll). This can be exploited to trigger a memory corruption by tricking a user into visiting a specially crafted web page which repeatedly loads and unloads the plugin.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed with Foxit Reader version 3.1.2.1013 and Mozilla Firefox 3.5.3.
»secunia.com/advisories/37049/ |
|
redwolfe_98
join:2001-06-11 | thanks matunga..
i am sure that foxit will promptly address the issue.. |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
 ·Bell Sympatico
 ·Cogeco Cable
1 edit | reply to matunga
quote:
Uninstall/Remove Foxit Firefox plugin
hello, there is a work around to remove Firefox plugin.
Please delete "npFoxitReaderplugin.dll" and "FoxitReaderOCX.ocx" file and go to Mozilla Folder/plugins, delete "npFoxitReaderplugin.dll".
»forums.foxitsoftware.com//showth···?t=14063
Plus this warning has already been posted within this link
»[Update] Foxit Reader v.3.1.2.1013 Released
--
Sometimes we lose friends for whose loss our regret is greater than our grief, and others for whom our grief is greater than our regret. François de la Rochefoucauld
Never trust a computer you can't throw out a window. - Steve Wozniak
|
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31 | reply to matunga
Thanks matunga and to MarkAW. |
|
Tuxified
IHS
Premium
join:2009-01-04
clubs:
| reply to matunga
Thanks for the heads up, must have missed the other mention of it.
Deleted the plugin using the method MarkAW  posted just to be on the safe side.
--
If a tree falls in the forest, and no one is around to hear it...would my opinion still be wrong? |
|
CJ
join:2000-07-18
USA
1 edit | reply to matunga
I assume this only affects the FireFox plugin and not the stand alone reader and IE? Is that a safe assumption or should I ditch Foxit all together? |
|
deke40
Premium
join:2003-01-23
Freeport, Tx
1 edit | I use Foxit and have had no problems with it. |
|
Grail Knight
Who Dares Wins
Premium
join:2003-05-31
·Verizon Online DSL
| reply to CJ
Don't worry about us.
Points were made and questions were asked. Seems to be a forum.
---
As for Foxit keep using the updated version minus the Fx plugin until an update is released which should be in short order.
--
Humor. It is a difficult concept. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
·AT&T Midwest
| reply to matunga
A vulnerability has been discovered in Foxit Reader plug-in for Firefox, which can be exploited by malicious people to compromise a user's system. Thanks for the warning.
I guess I'm "safe" since I have not installed "foxit". All I need to worry about is the never ending stream of security flaws in the Adobe reader 
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.0; firefox 3.0.14 |
|
jebba2005
join:2005-01-13
Portland, ME | reply to matunga
I use Foxit, thanks for the info. |
|
retired17
join:2007-01-24
Anaheim, CA | reply to matunga
My Foxit reader for Firefox 3.5.3 says Foxit reader plugin for Mozilla 1.0.0.1. Why is my version number so much different from the listed version number? Am I still safe? |
|
Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON |  reply to matunga
(topic move) Foxit Reader Firefox Plugin Memory Corruption Vulne
Moderator Action
The post that was here (and all 11 followups to it), has been moved to a new topic .. »Foxit Reader Firefox Plugin Memory Corruption Vulnerability |
|
angussf
Premium
join:2002-01-11
Tucson, AZ
| reply to matunga
Re: Foxit Reader Firefox Plugin Memory Corruption Vulnerability
Best solution to this issue IMHO is to uninstall the Firefox plugin and just open PDFs in Foxit Reader outside the browser.
If you already have the plugin installed you *_may_* be able to uninstall Foxit, reboot, then reinstall Foxit, just unchecking the plugin or "Open PDFs in browser" option. |
|
redwolfe_98
join:2001-06-11
·RoadRunner Cable
2 edits | reply to retired17
said by retired17 :My Foxit reader for Firefox 3.5.3 says Foxit reader plugin for Mozilla 1.0.0.1. Am I still safe? retired17, like angussf said, i would just remove the foxit plugin.. i don't see why you would need it.. i use "firefox" and the "foxit reader", but i don't use the foxit plugin, for "firefox"..
markAW posted a link to a thread, in the "foxit" forum, with instructions on how to remove the foxit plugin:
»forums.foxitsoftware.com//showpo···tcount=4 |
|
MiNdErAsR
Minderasr
join:2000-11-25 | reply to matunga
Has this issue been fixed in v3.1.3.1030? |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ | reply to CJ
I may have missed it, but I don't see an answer to your question. I would like to know the answer myself. It's a good question, IMHO. |
|
MarkAW
Barry White or lil bratt
Premium
join:2001-08-27
Canada
·Bell Sympatico
·Cogeco Cable
2 edits | reply to MiNdErAsR
said by MiNdErAsR :Has this issue been fixed in v3.1.3.1030? If you had been to the software forum and seen the thread then you would have seen it posted.
»[Free] Foxit PDF Reader 3.1.3.1030
--
Sometimes we lose friends for whose loss our regret is greater than our grief, and others for whom our grief is greater than our regret. François de la Rochefoucauld
Never trust a computer you can't throw out a window. - Steve Wozniak
|
|
