Davey Winder's Blog

In need of an urgent Firefox fix

By Davey Winder in Editorial

Posted in Blog, Firefox, Security on March 26, 2009 at 7:59 pm

With the publication this week of drive-by download attack code that exploits an unpatched, critical flaw in Firefox on all platforms, and the successful hacking of the Firefox client (as well as IE8 and Safari) at the CanSecWest PWN2OWN competition, you might be getting a little concerned that the ‘more secure than Internet Explorer’ choice isn’t, perhaps, so secure after all.

It’s somewhat annoying that the exploit code was published yesterday, before Mozilla had actually released a patch, giving the bad guys time to modify it and attempt to get malicious software onto end-user machines as a result. However, the underlying vulnerability, known officially as Bug 485217 - or, if you are a real glutton for punishment, the ‘Exploitable crash in txMozillaXSLTProcessor::TransformToDoc’ bug - of which Bugzilla says “Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk”, is to be fixed with the release of Firefox 3.0.8.

Luckily there is not long to wait for the update: it is due to roll out at the start of next week, thanks to it now being flagged as a high-priority security update.

Unluckily, there is no word yet of a fix for the PWN2OWN vulnerability, and anyway a week is a hell of a long time in the world of the malware hacker.

Maybe Google Chrome is a more secure browser bet after all?

Comments

Comment by Conrad - March 27, 2009 on 5:49 pm

I am thrilled that these bugs are out in the open. Bugs which are not publicly acknowledged are exploited for a long time.