Latest Firefox Web Browser Vulnerable to 0-Day Exploit
Dante send me a tip about a 0-day exploit that affects the latest versions of the popular Firefox web browser. The exploit is described as a remote memory-corruption vulnerability that affects Firefox running on all supported operating system (Windows, Linux and Mac).
A proof of concept has been published by the security researcher, and the Mozilla team has acknowledged the existence of the vulnerability. Mozilla announced plans to rush a Firefox 3.0.8 update at the beginning of next week to fix the issue.
The Firefox exploit could be used to add software to the target system without the knowledge of the users. There is currently no solution to block this attack from being executed other than being very careful about which websites are visited in the browser.
The safest would be to switch to another web browser for the time being until Mozilla publishes a fix for the vulnerability.
The issue has already been fixed according to the bug report that was filed at the Mozilla website and is now awaiting verification. This means that it won't take long before the patched version update of Firefox is being published by Mozilla.
Update: Mozilla has fixed the vulnerability in recent versions of the browser.
Update 2: Firefox 3 is reaching the end of its life-cycle. Mozilla announced that it will end support for the browser version on April 2012. Firefox 3 won't receive any updates after this point, and users are encouraged to update to newer versions of the Firefox web browser instead.
Firefox 3 users have basically two options here. They can upgrade to a Firefox 10 Extended Support Release version, which at the time of writing is based on Firefox 10, or they can update to the Firefox stable channel, which currently is at version 11. The difference between both versions is the version increase. The stable channel's version increases all six weeks, while the ESR channel's version only every 42 weeks to a new major version.
Can anyone help me with this please;;;
It looks like the blocking is happening somewhere on your end as I see the 499 indexing error for https://www.depop.com/11loll/.
499 errors can occur when our crawlers are denied access to your site content by Cloudflare. Please make sure to whitelist our crawler IPs at Cloudflare (under Firewall > Tools):
Cloudflare firewall
Here’s the list of IPs we use:
88.99.218.202
88.99.149.30
88.99.162.232
88.99.29.101
158.69.116.43
139.99.121.235
I took a peek at the exploit listed on Firefox’s developer page. It looks like “webfriend” is right about NoScript.
And I also browse unknown sites in a sandbox. Vista Ultimate comes with a Virtual PC that lets you run programs without saving it permanently to the Virtual PC image. And if you like what you see on the webpage in the Virtual PC, you can copy and paste it out to your normal OS.
Alternatively if you have NoScript, it will probably block this exploit. Unless of course said website was hacked. OTOH you could also run your browser sandboxed and you’ll be safe!
Further proof that the only reason a piece of software like Firefox is better is because it is open source where bugs and security issues can be resolved and perhaps be found faster.
That does NOT automatically mean it is safer to use than the well known closed source alternatives.
Opening a can of worms here and will be flamed for this I think ;)