The Register®

Original URL: http://www.theregister.co.uk/2009/03/26/new_firefox_exploit/

Firefox exploit sends Mozilla into 'high-priority fire drill' mode

Two weeks, two exploits

By Dan Goodin

Posted in Security, 26th March 2009 23:13 GMT

Mozilla's security team is rushing out a fix for its flagship Mozilla browser following the public release of attack code that targets a previously unknown vulnerability.

The exploit was released Wednesday [1] online. It attacks a vulnerability present on Windows, Mac and Linux versions of the browser and could be used to surreptitiously execute malware on the machines of users who browse booby-trapped websites. The flaw is classified as a boundary condition error that targets Firefox's XML parsing features, according to [2] SecurityFocus.

This is the second critical vulnerability in Firefox to come to light in as many weeks. Last week, a master's candidate from the University of Oldenburg in Germany unveiled a separate vulnerability that allowed him to compromise the browser's security. At time of writing, there were no reports that attackers were exploiting either vulnerability, but there's nothing stopping a determined miscreant from modifying Wednesday's release into a working attack.

Mozilla intends to fix both vulnerabilities in version 3.0.8, which is due for release on April 1, Mozilla says here [3]. Mozilla developers are characterizing [4] it as a "high-priority firedrill security update."

As is usually the case, the Firefox add-on NoScript [5] can mitigate attacks against both vulnerabilities. ®