New flaw found in Firefox browser

Users urged to update to latest version of Firefox as exploit could allow hackers to run remote code.

A vulnerability that affects the popular Firefox browser could allow hackers to run malicious code on victims' computers.

According to researchers at anti-virus firm Sophos, the flaw lies in the way that Firefox and a plug-in for Apple's Quicktime work together. The exploit could allow privileged code to run on an unpatched computer that could access data.

The exploit was discovered by independent security researcher Perko Petkov. According to Petkov, code could be run on a computer that lets attackers run script commands on systems running Firefox 2.0.0.6 or earlier and give them a way to take over computers completely.

But Mozilla's chief of security Window Snyder said that the browser was patched in six and a quarter days. "When a vendor ships security fixes quickly, it lowers the incentive for attackers to spend time developing and deploying an exploit for that issue," said Snyder in a blog.

"The window of opportunity for attackers is reduced and so is the potential to compromise users. So thanks you guys, for helping destroy the economics of malicious exploit development," Snyder added.

Graham Cluley, senior technology consultant for Sophos said that not only did users need to update Firefox to the latest version (2.0.0.7) but also needed to make sure that they considered implementing a Network Access Control (NAC) solution to defend against this and future vulnerability issues.

"While Internet Explorer is more often the target of attack for hackers than Firefox, that doesn't mean that users of non-Microsoft products can stick their heads in the sand about security. There are no excuses for dragging your feet, and not using the latest version of your internet browser," he said.

Cluley recommended that companies ensured that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place. He said that NAC could help organisations ensured that only properly secured PCs are able to connect, "and give visibility as to which computers are not defended against the dangerous vulnerabilities."

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19
Security

DeviceSHIELD combats rising cyber attacks and online fraud amid COVID-19

24 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020
WAPDropper malware hooks you up to premium telecoms services
Security

WAPDropper malware hooks you up to premium telecoms services

24 Nov 2020
VMware sounds alarm over zero-day flaws in multiple products
Security

VMware sounds alarm over zero-day flaws in multiple products

24 Nov 2020

Most Popular

macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
How computing has revolutionised Formula 1
Sponsored

How computing has revolutionised Formula 1

11 Nov 2020