Latest Firefox Web Browser Vulnerable to 0-Day Exploit - gHacks Tech News

Latest Firefox Web Browser Vulnerable to 0-Day Exploit

Dante sent me a tip about a 0-day exploit that affects the latest versions of the popular Firefox web browser. The exploit is described as a remote memory-corruption vulnerability that affects Firefox running on all supported operating systems (Windows, Linux and Mac).

A proof of concept has been published by the security researcher, and the Mozilla team has acknowledged the existence of the vulnerability. Mozilla announced plans to rush a Firefox 3.0.8 update at the beginning of next week to fix the issue.

The Firefox exploit could be used to add software to the target system without the knowledge of the users. There is currently no solution to block this attack from being executed other than being very careful about which websites are visited in the browser.

The safest option would be to switch to another web browser for the time being, until Mozilla publishes a fix for the vulnerability.

According to the bug report that was filed at the Mozilla website, the issue has already been fixed and is now awaiting verification. This means that it won't take long before Mozilla publishes the patched version of Firefox.

Update: Mozilla has fixed the vulnerability in recent versions of the browser.

Update 2: Firefox 3 is reaching the end of its life-cycle. Mozilla announced that it will end support for the browser version in April 2012. Firefox 3 won't receive any updates after this point, and users are encouraged to update to newer versions of the Firefox web browser instead.

Firefox 3 users basically have two options here. They can upgrade to the Firefox Extended Support Release (ESR), which at the time of writing is based on Firefox 10, or they can update to the Firefox stable channel, which currently is at version 11. The difference between the two is how often the version increases. The stable channel's version increases every six weeks, while the ESR channel only moves to a new major version every 42 weeks.

Comments

  1. RG said on March 26, 2009 at 7:32 pm

    Further proof that the only reason a piece of software like Firefox is better is because it is open source where bugs and security issues can be resolved and perhaps be found faster.
    That does NOT automatically mean it is safer to use than the well known closed source alternatives.
    Opening a can of worms here and will be flamed for this I think ;)

  2. webfriend said on March 26, 2009 at 8:06 pm

    Alternatively if you have NoScript, it will probably block this exploit. Unless of course said website was hacked. OTOH you could also run your browser sandboxed and you’ll be safe!

  3. Dante said on March 27, 2009 at 5:27 am

    I took a peek at the exploit listed on Firefox’s developer page. It looks like “webfriend” is right about NoScript.

    And I also browse unknown sites in a sandbox. Vista Ultimate comes with a Virtual PC that lets you run programs without saving it permanently to the Virtual PC image. And if you like what you see on the webpage in the Virtual PC, you can copy and paste it out to your normal OS.
