Firefox exploit sends Mozilla into 'high-priority fire drill' mode

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2009/03/26/new_firefox_exploit/

By Dan Goodin in San Francisco
The Register
26th March 2009 

Mozilla's security team is rushing out a fix for its flagship Mozilla 
browser following the public release of attack code that targets a 
previously unknown vulnerability.

The exploit was released Wednesday online. It attacks a vulnerability 
present on Windows, Mac and Linux versions of the browser and could be 
used to surreptitiously execute malware on the machines of users who 
browse booby-trapped websites. The flaw is classified as a boundary 
condition error that targets Firefox's XML parsing features according to 
SecurityFocus.

This is the second critical vulnerability in Firefox to come to light in 
as many weeks. Last week, a master's candidate from the University of 
Oldenburg in Germany unveiled a separate vulnerability that allowed him 
to compromise the browser's security. At time of writing, there were no 
reports that attackers were exploiting either vulnerability, but there's 
nothing stopping a determined miscreant from modifying Wednesday's 
release into working attack.

Mozilla intends to fix both vulnerabilities in the version 3.0.8, which 
is due for release on April 1, Mozilla says here. Mozilla developers are 
characterizing it as a "high-priority firedrill security update."

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/