Davey Winder's Blog

In need of an urgent Firefox fix

By Davey Winder in Editorial

Posted in Blog, Firefox, Security on March 26, 2009 at 7:59 pm


With the publication this week of drive-by download attack code that exploits an unpatched, critical flaw in the browser and so affects Firefox security on all platforms, and with the successful hacking of the Firefox client (along with IE8 and Safari) at the CanSecWest PWN2OWN competition, you might be getting a little concerned that the ‘more secure than Internet Explorer’ choice isn’t, perhaps, so secure after all.

It’s somewhat annoying that the exploit code was published yesterday, before Mozilla had actually released a patch, giving the bad guys time to modify it and attempt to get malicious software onto end-user machines as a result. However, the underlying vulnerability, known officially as Bug 485217 (or, if you are a real glutton for punishment, the ‘Exploitable crash in xMozillaXSLTProcessor::TransformToDoc’ bug), which Bugzilla describes as follows: “Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk”, is to be fixed with the release of Firefox 3.0.8.

Luckily there is not long to wait for the update: it is due to roll out at the start of next week, now that it has been flagged as a high-priority security update.

Unluckily, there is no word yet of a fix for the PWN2OWN vulnerability, and in any case a week is a hell of a long time in the world of the malware hacker.

Maybe Google Chrome is a more secure browser bet after all?

Comments

Comment by Conrad - March 27, 2009 on 5:49 pm

I am thrilled that these bugs are out in the open. Bugs which are not publicly acknowledged are exploited for a long time.
