gHacks Technology News | Latest Tech News, Software And Tutorials » firefox exploit

0-Day Firefox 3.6 Vulnerability Emerges

Martin Brinkmann — Wed, 27 Oct 2010 16:05:08 +0000

The official Nobel Prize website was hacked yesterday, and for some time ran an exploit targeting a new 0-day vulnerability in the Firefox browser. According to our information, the exploit was used to install a backdoor on the user’s computer system without notifications or warning messages.

The backdoor tries to retrieve the path of the Windows directory to copy the file symantec.exe to %WINDIR%\temp\symantec.exe. Once the file is created there, autostart keys are added to the Windows Registry to load the file on system startup. The keys are added both to the user and local machine parts of the Registry, and the reg command is used to add them.

The program then tries to create two connections to Internet servers, namely to nobel..mooo.com and update.microsoft.com. After these initial connections it tries to connect to two additional servers, both of which appear to be offline currently. If they are offline, the malware stops executing and exits.

On a successful connection, the malware opens a shell and the attacker can access the local computer with the same rights the malware was executed with.

Mozilla appears to be aware of the vulnerability and is developing a patch to protect the browser from the vulnerability. (via)

Update: Office Mozilla Response Up, suggest to disable JavaScript to protect the browser from the vulnerability.

Critical Security Vulnerability In Firefox 3.5

Martin Brinkmann — Wed, 15 Jul 2009 12:01:02 +0000

A critical security vulnerability affecting Firefox 3.5 has been discovered and published on the security portal Milw0rm entitled Firefox 3.5 Heap Spray Vulnerability. A proof of concept exploit has been provided. In short, the vulnerability can lead to remote code execution. The good news is that a security patch has already been published by Mozilla Links.

The security vulnerability can be fixed the following way. Type in about:config in the Firefox address bar and hit enter. Now filter for the term javascript.options.jit.content and double-click it afterwards to set it to false which disables the Tracemonkey JavaScript engine. This in turn could (and most likely will) reduce the JavaScript performance of the Firefox 3.5 web browser until an official security patch is provided by the Mozilla Firefox team.

The security patch is expected to be released soon by the Firefox development team. Stay tuned, we keep you updated.

Latest Firefox Web Browser Vulnerable to 0-Day Exploit

Martin Brinkmann — Thu, 26 Mar 2009 14:32:58 +0000

Dante send me a tip about a 0-day exploit that is affecting the latest versions of the popular Firefox web browser. The exploit is described as a remote memory-corruption vulnerability that is affecting Firefox running on all supported operating systems. A proof of concept has been published by the security researcher and the Mozilla team has acknowledged the existence and announced plans to rush a Firefox 3.0.8 update at the beginning of next week.

The Firefox exploit could be used to add software to the target system without the knowledge of the users. There is currently no solution to block this attack from being executed other than being very careful about the visited websites. The safest would be to switch to another web browser at least for the time until the Mozilla developers have published the update that fixes the vulnerability in the web browser or a hot fix becomes known.

The issue has already been fixed according to the bug report that was filed at the Mozilla website and is now awaiting verification.