http://www.theregister.co.uk/2010/10/26/firefox_0day_report/ By Dan Goodin in San Francisco The Register 26th October 2010 Malicious hackers have exploited an unpatched vulnerability in the latest version of Firefox to attack people visiting the Nobel Peace Prize website, a Norway-based security firm said on Tuesday. Mozilla representatives confirmed a "critical vulnerability" in versions 3.5 and 3.6 of the open-source browser. It came several hours after the organization members were said to have made the same admission on this password-protected Bugzilla page. According to Einar Oftedal, a detection executive at Norman ASA in Oslo, the official website for the Nobel Peace prize, nobelpeaceprize.org, was compromised so that it contained an iframe link to a malicious server. “This iframe has a multi exploit backend and serves exploits for Firefox, including a working remote exploit for firefox 3.6.11,” he said in an instant message to The Register. “We didn't see any 0day for IE,” he added, referring to Microsoft's browser. [...] ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Wed Oct 27 2010 - 01:07:43 PDT
This archive was generated by hypermail 2.2.0 : Wed Oct 27 2010 - 01:12:35 PDT