The backdoor tries to retrieve the path of the Windows directory to copy the file symantec.exe to %WINDIR%\temp\symantec.exe. Once the file is created there, autostart keys are added to the Windows Registry to load the file on system startup. The keys are added both to the user and local machine parts of the Registry, and the reg command is used to add them.

The program then tries to create two connections to Internet servers, namely to nobel..mooo.com and update.microsoft.com. After these initial connections it tries to connect to two additional servers, both of which appear to be offline currently. If they are offline, the malware stops executing and exits.

On a successful connection, the malware opens a shell and the attacker can access the local computer with the same rights the malware was executed with.

Mozilla appears to be aware of the vulnerability and is developing a patch to protect the browser from the vulnerability. (via)

Update: Office Mozilla Response Up, suggest to disable JavaScript to protect the browser from the vulnerability.

The few facts that are know are the following: The vulnerability is a remote code exection vulnerability that can be used by malicious users to comprise the operating system.

It is however not clear how the exploit works and if it is already in the wilds. Secunia rates the exploit as highly critical without going into further detail as well.

An official statement has not been published yet by the Mozilla developers. It is likely that the increase in reports about the vulnerability will trigger an official response soon. The Mozilla team seems to be aware of the vulnerability according to information posted on The H. (via Download Squad)

A proof of concept has already been created that demonstrates the vulnerability. No patch has been made available yet. Firefox users are encouraged to disable JavaScript until a patch is issued to avoid leaving their computer system vulnerable for the attack.

Users working with security add-ons like NoScript might consider their Firefox installation safe without disabling JavaScript. It is however theoretically possible to compromise websites that are in the whitelist of the add-on (if the whitelist is used) which would make the system vulnerable to this kind of attack.

JavaScript can be disabled in the Firefox options in the content tab.

The Mozilla Firefox team is currently distributing the Firefox 3.5.1 update to all mirror websites. It is expected to be announced publicly in the next 48 hours giving Firefox 3.5 users a change to update their web browser to fix the security vulnerability.

The release is not available on any of the popular download portals yet. We took the liberty to upload the US version of Firefox 3.5.1 for the Windows operating to a free file host from where it can be downloaded. Users who use a different operating system or language will have to wait a while longer before they can download and update their version of Firefox.

The big download portals are expected to offer Firefox 3.5.1 soon as a download on their website. Cautious users might want to wait until the new version has been announced officially by the Firefox team. Users who have applied the temporary workaround to Firefox 3.5 should undo the changes by doing the following:

Type in about:config in the Firefox address bar and hit enter. Now filter for the term javascript.options.jit.content and double-click it afterwards to set it to true which enables the Tracemonkey JavaScript engine.

Firefox 3.5.1 US for Windows can be downloaded from Mediafire.

The security vulnerability can be fixed the following way. Type in about:config in the Firefox address bar and hit enter. Now filter for the term javascript.options.jit.content and double-click it afterwards to set it to false which disables the Tracemonkey JavaScript engine. This in turn could (and most likely will) reduce the JavaScript performance of the Firefox 3.5 web browser until an official security patch is provided by the Mozilla Firefox team.

The security patch is expected to be released soon by the Firefox development team. Stay tuned, we keep you updated.

The good news is that Firefox 3.0.8 has already been uploaded to the official Mozilla ftp site. It can be downloaded from there by everyone. The problem is that some users and the Mozilla team discouraged users to post links to those new releases to avoid disturbing the mirror distribution process and to avoid complications if that release will receive a last minute fix.

That’s a catch-22 situation as you can imagine. Interested users should perform a search for the Mozilla ftp site on Google or another search engine to locate it. They will find a Firefox directory there and another subdirectory called 3.0.8 which contains downloads for all languages and operating systems supported.

If you want to be safe download it right away. If you want to wait for the official announcement install and use the No Script add-on to increase Firefox security and avoid falling prey to the vulnerability.

The Firefox exploit could be used to add software to the target system without the knowledge of the users. There is currently no solution to block this attack from being executed other than being very careful about the visited websites. The safest would be to switch to another web browser at least for the time until the Mozilla developers have published the update that fixes the vulnerability in the web browser or a hot fix becomes known.

The issue has already been fixed according to the bug report that was filed at the Mozilla website and is now awaiting verification.

Two of my add-ons stopped working and I had to manually edit them so that they I could continue using them. Two of the three vulnerabilities have been the same that were fixed in Firefox 2 while one is a Gif rendering vulnerability on Mac OS X that could crash the browser.

The other two just for those who have not read the update post are a remote code execution vulnerability and the launching of multiple tabs when Firefox is not running.

Besides that several other updates have been made, most notably several stability and bug fixes. For a complete list of changes check the release notes. The download is available at the official Mozilla Firefox 3 website. Automatic Updates have been kicking in as well.

The update is a security update that fixes two critical security vulnerabilities that allow remote code execution and the opening of multiple tabs if Firefox is not running. Take a look at the Mozilla Foundation Security Advisory articles here and here if you want to read up on the vulnerabilities.

The latest version of Firefox can be downloaded right from the Mozilla website which includes versions for all supported operating systems and languages. Automatic upgrades will be available in the next 24-48 hours as well.

I suggest you update your version of Firefox 2 as soon as possible, users of Firefox 3 seem safe for now and do not have to do anything. The same issue will also be fixed in upcoming releases of Thunderbird and Seamonkey which are not yet available for download.