Davey Winder's Blog

In need of an urgent Firefox fix

By Davey Winder in Editorial

Posted in Blog, Firefox, Security on March 26, 2009 at 7:59 pm


With the publication this week of drive-by download attack code that affects Firefox on all platforms by exploiting an unpatched, critical flaw in the browser, and the successful hacking of the Firefox client (as well as IE8 and Safari) at the CanSecWest PWN2OWN competition, you might be getting a little concerned that the ‘more secure than Internet Explorer’ choice isn’t, perhaps, so secure after all.

It’s somewhat annoying that the exploit code was published yesterday, before Mozilla had actually released a patch, giving the bad guys time to modify it and attempt to get malicious software onto end-user machines as a result. However, the underlying vulnerability, known officially as Bug 485217 - or, if you are a real glutton for punishment, the ‘Exploitable crash in txMozillaXSLTProcessor::TransformToDoc’ bug - which according to Bugzilla is triggered because “Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk”, is to be fixed with the release of Firefox 3.0.8.

Luckily there is not long to wait for the update: it is due to roll out at the start of next week, thanks to it now being flagged as a high-priority security update.

Unluckily, there is no word yet of a fix for the PWN2OWN vulnerability, and anyway a week is a hell of a long time in the world of the malware hacker.

Maybe Google Chrome is a more secure browser bet after all?

Comments

Comment by Conrad - March 27, 2009 on 5:49 pm

I am thrilled that these bugs are out in the open. Bugs which are not publicly acknowledged are exploited for a long time.
