Firefox Fixes Security Zero-Day

 
 
By Brian Prince  |  Posted 2010-10-28 Email Print this article Print
 
 
 
 
 
 
 

Firefox has patched a zero-day vulnerability uncovered earlier this week.

The company issued an update to Firefox and Thunderbird late Wednesday to patch the vulnerability.

The vulnerability was first uncovered when Telenor SOC reported finding a compromised site redirecting users to a site containing an exploit targeting the issue on a version of Firefox 3.6 on Windows XP SP3. The bug was soon found to affect Firefox 3.5 and 3.6 on all supported platforms. The company also fixed the issue in Thunderbird 3.1.6, Thunderbird 3.0.10 and SeaMonkey 2.0.10.

Mozilla released an advisory about the bug Tuesday, and noted that if the bug is exploited, it could potentially leave users open to remote code execution. Researchers at Norman ASA reported Tuesday that malware found on the Nobel Peace Prize had been using the vulnerability to infect users. The malware attempted to connect to two Internet addresses pointing to a server in Taiwan. If the connection was successful, the attacker would have access to the infected computer, the company reported.

Technical details of the bug report can be found here.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel