New flaw found in Firefox browser
By Rene Millman,
A vulnerability that affects the popular Firefox browser could allow hackers to run malicious code on victims' computers.
According to researchers at anti-virus firm Sophos, the flaw lies in the way that Firefox and a plug-in for Apple's Quicktime work together. The exploit could allow privileged code to run on an unpatched computer that could access data.
The exploit was discovered by independent security researcher Perko Petkov. According to Petkov, code could be run on a computer that lets attackers run script commands on systems running Firefox 2.0.0.6 or earlier and give them a way to take over computers completely.
But Mozilla's chief of security Window Snyder said that the browser was patched in six and a quarter days. "When a vendor ships security fixes quickly, it lowers the incentive for attackers to spend time developing and deploying an exploit for that issue," said Snyder in a blog.
"The window of opportunity for attackers is reduced and so is the potential to compromise users. So thanks you guys, for helping destroy the economics of malicious exploit development," Snyder added.
Graham Cluley, senior technology consultant for Sophos said that not only did users need to update Firefox to the latest version (2.0.0.7) but also needed to make sure that they considered implementing a Network Access Control (NAC) solution to defend against this and future vulnerability issues.
"While Internet Explorer is more often the target of attack for hackers than Firefox, that doesn't mean that users of non-Microsoft products can stick their heads in the sand about security. There are no excuses for dragging your feet, and not using the latest version of your internet browser," he said.
Cluley recommended that companies ensured that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place. He said that NAC could help organisations ensured that only properly secured PCs are able to connect, "and give visibility as to which computers are not defended against the dangerous vulnerabilities."
advertisement
Latest Security Features
Who should be Britain’s cyber security czar?
Experts reveal what a UK head of cyber security would need to do, while we put forward possible candidates for the role.
- The reality of movie technology
- Do smartphones need security software?
- Protecting the London 2012 Olympic Games
- Focus on... Flexible working
- Cyber policing and surveillance in Britain today
- How an FBI agent transformed Microsoft security
- Can security concerns kill cloud computing?
- GhostNet: Did the Chinese government hack the world?
- How poor web security nearly lead to a jail term
Latest Security Reviews
HP BladeSystem c3000 review: blade server
Rating: 
- CA ARCserve Backup r12.5 review
- FaceTime Communications USG530 - web filtering appliance review
- Guardium 7 – database security review
- Google Apps Premier Edition
- SmoothWall UTM-1000 review
- Lenovo ThinkPad USB Portable Secure Hard Drive
- LogRhythm LR-500-XM review
- EXCLUSIVE - eSoft ThreatWall 250
- Zebra RZ400 - RFID Printer
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
Whitepapers
Want more background on today's hottest IT trends?
Visit IT PRO's whitepaper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?