Firefox exploit sends Mozilla into 'high-priority fire drill' mode
Two weeks, two exploits
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
Mozilla's security team is rushing out a fix for its flagship Mozilla browser following the public release of attack code that targets a previously unknown vulnerability.
The exploit was released Wednesday online. It attacks a vulnerability present on Windows, Mac and Linux versions of the browser and could be used to surreptitiously execute malware on the machines of users who browse booby-trapped websites. The flaw is classified as a boundary condition error that targets Firefox's XML parsing features according to SecurityFocus.
This is the second critical vulnerability in Firefox to come to light in as many weeks. Last week, a master's candidate from the University of Oldenburg in Germany unveiled a separate vulnerability that allowed him to compromise the browser's security. At time of writing, there were no reports that attackers were exploiting either vulnerability, but there's nothing stopping a determined miscreant from modifying Wednesday's release into working attack.
Mozilla intends to fix both vulnerabilities in the version 3.0.8, which is due for release on April 1, Mozilla says here. Mozilla developers are characterizing it as a "high-priority firedrill security update."
As is usually the case, the Firefox add-on NoScript can mitigate attacks against both vulnerabilities. ®
COMMENTS
FF just updated itself to 3.0.8
Easy and fast. No waiting until April 1st after all.
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
