Security assured as Mozilla and Adobe patches emerge

Nobel Trojan reined in and Shockwave calmed in latest updates.

Adobe Shockwave Player in Mozilla Firefox

Rapid action saw Mozilla issue a fix for the flaw exploited on the Nobel Peace Prize website within 48 hours of its discovery. After a week, Adobe has rolled out a patch for Shockwave.

Visitors using Mozilla Firefox browsers to view the Nobel Peace Prize website were alarmed to find that a Trojan had been secreted there. Within two days of receiving a report from Norwegian security firm Telenor, the patch had been issued for versions 3.5 and 3.6 of the browser .

The company has issued a statement that assures users of the Firefox 4 beta that they are safe, even though their browsers had the same flaw.

"Firefox 4 beta users appear safe for the moment," Daniel Veditz, a Mozilla security engineer, blogged.

"The underlying problematic code does exist, but other code changes since Firefox 3.6 seem to be shielding us from the vulnerability."

Telenor said that visitors to the Nobel site were redirected to a Taiwanese server that responded with a JavaScript exploit. The script was designed to install a Trojan horse on any redirected Windows PC. In turn the Trojan downloaded more malware put the hacker in complete control.

The Trojan has also been neutralised by Avira, a German security company. The Trojan's links to the hacker's command-and-control servers had been severed, Avira said.

Adobe has also been busy patching a vulnerability that surfaced in Shockwave Player version 11.5.8.612 and earlier for Mac and Windows. Unlike the Firefox vulernability, the Adobe flaw was being targeted by several attacks.

In an advisory issued over a week ago, Adobe warned that an attacker could cause a system crash and take control of any vulnerable system.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Mozilla to end support for Firefox Lockwise password manager
web browser

Mozilla to end support for Firefox Lockwise password manager

24 Nov 2021
Firefox available on Microsoft Store for first time
web browser

Firefox available on Microsoft Store for first time

9 Nov 2021
Sitecore XP RCE flaw is being actively exploited, ACSC warns
vulnerability

Sitecore XP RCE flaw is being actively exploited, ACSC warns

9 Nov 2021
Adobe rolls out new PayPal payment options through Adobe Commerce
e commerce

Adobe rolls out new PayPal payment options through Adobe Commerce

16 Sep 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Australia film archive gets $41.9 million to digitise audiovisual heritage
digitisation

Australia film archive gets $41.9 million to digitise audiovisual heritage

6 Dec 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021