http://www.theregister.co.uk/2009/03/26/new_firefox_exploit/ By Dan Goodin in San Francisco The Register 26th March 2009 Mozilla's security team is rushing out a fix for its flagship Mozilla browser following the public release of attack code that targets a previously unknown vulnerability. The exploit was released Wednesday online. It attacks a vulnerability present on Windows, Mac and Linux versions of the browser and could be used to surreptitiously execute malware on the machines of users who browse booby-trapped websites. The flaw is classified as a boundary condition error that targets Firefox's XML parsing features according to SecurityFocus. This is the second critical vulnerability in Firefox to come to light in as many weeks. Last week, a master's candidate from the University of Oldenburg in Germany unveiled a separate vulnerability that allowed him to compromise the browser's security. At time of writing, there were no reports that attackers were exploiting either vulnerability, but there's nothing stopping a determined miscreant from modifying Wednesday's release into working attack. Mozilla intends to fix both vulnerabilities in the version 3.0.8, which is due for release on April 1, Mozilla says here. Mozilla developers are characterizing it as a "high-priority firedrill security update." [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Fri Mar 27 2009 - 00:03:08 PDT
This archive was generated by hypermail 2.2.0 : Fri Mar 27 2009 - 00:11:25 PDT