I was not, however, able to use it at all. First, my current setup. I am running OS X 10.5 on a 17″ MBP with 4GB RAM. (I have the older mobo however, and the system only actually uses 3GB.) I also have Parallels 3.0 installed with a Windows XP VM (this is important) and two Linux VMs (a Gentoo server and an Ubuntu desktop).

When attempting to start Minefield on OS X (Parallels not running), as Minefield starts Parallels attempts to start an installer on Win XP. The VM cannot be shut down until Minefield is shut down and the only way to do that is via Force Quit. Otherwise the installer continues to attempt to run on Win XP in Parallels. I did not download the Windows installer, nor did I wish to, however, there is something that is triggering a “Firefox Installer” on Win XP whenever Minefield attempts to open on OS X.

Needless to say, while Minefield will not start until it has finished “installing” on XP, and since it is trying (I guess) to install the OS X version on XP, I end up with a hung Minefield and an endless loop of Windows error messages (“The application Firefox Installer has performed and illegal operation etc etc”) followed by the “Firefox Installer” on Windows dying and respawning. Maybe I’ll try again in a week or two, since these are trunk builds and fixes and updates are coming in pretty regularly at this point.

To use the bookmarklet, drag the link below into your Firefox/Mozilla bookmarks bar.

Find Etymology

To use the “Google Gadget” go to your Google homepage, click on the “Add Stuff” link, click on “Add by URL” and enter http://www.evardsson.com/files/gg_etymonline.xml

Enjoy!

Well, if a picture is worth a thousand words, then maybe this video will shed some light on the subject (sorry – it is an ad for McAfee, which I neither use nor recommend – just my personal preference) .

Although the hackers are calling it a 0day exploit, it seems that it isn’t really. It is one of many that can be easily found using the AxMan ActiveX fuzzing engine. It seems that the guys over at xsec.org are trying to take more than reasonable credit for writing code to exploit a known vulnerability.

HD Moore, head of the Metasploit project was quoted in the article as saying:

“This is one of the many exploitable bugs that can be discovered using AxMan and one of the few that I didn’t include in Month of Browser bugs due to the ease of exploitation. I still have three or four left in IE that have similar impact.”

There is also a Secunia Advisory related to this exploit.

MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption