Firefox Fixes Security Zero-Day
Firefox has patched a zero-day vulnerability uncovered earlier this week.
The company issued an update to Firefox and Thunderbird late Wednesday to patch the vulnerability.
The vulnerability was first uncovered when Telenor SOC reported finding a compromised site redirecting users to a site containing an exploit targeting the issue on a version of Firefox 3.6 on Windows XP SP3. The bug was soon found to affect Firefox 3.5 and 3.6 on all supported platforms. The company also fixed the issue in Thunderbird 3.1.6, Thunderbird 3.0.10 and SeaMonkey 2.0.10.
Mozilla released an advisory about the bug Tuesday, and noted that if the bug is exploited, it could potentially leave users open to remote code execution. Researchers at Norman ASA reported Tuesday that malware found on the Nobel Peace Prize had been using the vulnerability to infect users. The malware attempted to connect to two Internet addresses pointing to a server in Taiwan. If the connection was successful, the attacker would have access to the infected computer, the company reported.
Technical details of the bug report can be found here.