Mozilla Pounces On New Firefox Zero-day Exploit


Recommended Posts

<h2 class="headline">Mozilla Pounces On New Firefox Zero-Day Exploit </h2> Vulnerability discovered in Firefox 3.0.x browsers considered critical

Mar 26, 2009 | 02:48 PM

By Kelly Jackson Higgins

DarkReading

A zero-day exploit for Firefox was unleashed online yesterday, but Mozilla didn't waste any time before patching for the critical vulnerability it abuses: The open-source group now has a patch ready for the flaw that will ship with the next Firefox update on April 1.

The researcher who discovered the vulnerability yesterday released with it proof-of-concept code. Mozilla developers jumped on it right away, coming up with a fix.

The flaw is a remote memory corruption vulnerability that affects all versions of Firefox 3.0.x, and could let an attacker execute malware on a victim's machine or crash the browser, according to the vulnerability report. The user would have to be lured into viewing a malicious file with his Firefox browser.

Johnathan Nightingale, whose title at Mozilla is "human shield," says so far Mozilla hasn't seen signs of an exploit in the wild for the bug.

The vulnerability affects Windows, OS X, and Linux versions of Firefox 3.0.x.

DarkReading - http://www.darkreading.com/security/attack...ttacks/breaches

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...