Dante sent me a tip about a 0-day exploit affecting the latest versions of the popular Firefox web browser. The exploit is described as a remote memory-corruption vulnerability that affects Firefox on all supported operating systems. A proof of concept has been published by the security researcher, and the Mozilla team has acknowledged the vulnerability and announced plans to rush out a Firefox 3.0.8 update at the beginning of next week.
The Firefox exploit could be used to install software on the target system without the user's knowledge. There is currently no way to block this attack other than being very careful about the websites you visit. The safest option is to switch to another web browser until the Mozilla developers publish the update that fixes the vulnerability or a hot fix becomes known.
The issue has already been fixed according to the bug report that was filed at the Mozilla website and is now awaiting verification.
4 Responses to “Latest Firefox Web Browser Vulnerable to 0-Day Exploit”


Further proof that the only reason a piece of software like Firefox is better is because it is open source where bugs and security issues can be resolved and perhaps be found faster.
That does NOT automatically mean it is safer to use than the well known closed source alternatives.
Opening a can of worms here and will be flamed for this I think ;)
Alternatively if you have NoScript, it will probably block this exploit. Unless of course said website was hacked. OTOH you could also run your browser sandboxed and you’ll be safe!
I took a peek at the exploit listed on Firefox’s developer page. It looks like “webfriend” is right about NoScript.
And I also browse unknown sites in a sandbox. Vista Ultimate comes with a Virtual PC that lets you run programs without saving it permanently to the Virtual PC image. And if you like what you see on the webpage in the Virtual PC, you can copy and paste it out to your normal OS.