Latest Firefox Web Browser Vulnerable to 0-Day Exploit
Dante sent me a tip about a 0-day exploit that affects the latest versions of the popular Firefox web browser. The exploit is described as a remote memory-corruption vulnerability that affects Firefox running on all supported operating systems (Windows, Linux and Mac).
A proof of concept has been published by the security researcher, and the Mozilla team has acknowledged the existence of the vulnerability. Mozilla announced plans to rush a Firefox 3.0.8 update at the beginning of next week to fix the issue.
The Firefox exploit could be used to add software to the target system without the knowledge of the users. There is currently no solution to block this attack from being executed other than being very careful about which websites are visited in the browser.
The safest option would be to switch to another web browser until Mozilla publishes a fix for the vulnerability.
According to the bug report filed at the Mozilla website, the issue has already been fixed and is now awaiting verification. This means that it won't take long before Mozilla publishes the patched version of Firefox.
Update: Mozilla has fixed the vulnerability in recent versions of the browser.
Update 2: Firefox 3 is reaching the end of its life-cycle. Mozilla announced that it will end support for the browser version in April 2012. Firefox 3 won't receive any updates after this point, and users are encouraged to update to newer versions of the Firefox web browser instead.
Firefox 3 users have basically two options here. They can upgrade to the Firefox Extended Support Release (ESR) version, which at the time of writing is based on Firefox 10, or they can update to the Firefox stable channel, which currently is at version 11. The difference between the two is how often the version increases. The stable channel's version increases every six weeks, while the ESR channel moves to a new major version only every 42 weeks.