Security assured as Mozilla and Adobe patches emerge

Nobel Trojan reined in and Shockwave calmed in latest updates.

Adobe Shockwave Player in Mozilla Firefox

Rapid action saw Mozilla issue a fix for the flaw exploited on the Nobel Peace Prize website within 48 hours of its discovery. After a week, Adobe has rolled out a patch for Shockwave.

Visitors using Mozilla Firefox browsers to view the Nobel Peace Prize website were alarmed to find that a Trojan had been secreted there. Within two days of receiving a report from Norwegian security firm Telenor, the patch had been issued for versions 3.5 and 3.6 of the browser .

The company has issued a statement that assures users of the Firefox 4 beta that they are safe, even though their browsers had the same flaw.

"Firefox 4 beta users appear safe for the moment," Daniel Veditz, a Mozilla security engineer, blogged.

"The underlying problematic code does exist, but other code changes since Firefox 3.6 seem to be shielding us from the vulnerability."

Telenor said that visitors to the Nobel site were redirected to a Taiwanese server that responded with a JavaScript exploit. The script was designed to install a Trojan horse on any redirected Windows PC. In turn the Trojan downloaded more malware put the hacker in complete control.

The Trojan has also been neutralised by Avira, a German security company. The Trojan's links to the hacker's command-and-control servers had been severed, Avira said.

Adobe has also been busy patching a vulnerability that surfaced in Shockwave Player version 11.5.8.612 and earlier for Mac and Windows. Unlike the Firefox vulernability, the Adobe flaw was being targeted by several attacks.

In an advisory issued over a week ago, Adobe warned that an attacker could cause a system crash and take control of any vulnerable system.

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Sopra Steria cyber attack costs to hit €50 million
Security

Sopra Steria cyber attack costs to hit €50 million

26 Nov 2020
Sophos warns customers of potential data leak
Security

Sophos warns customers of potential data leak

26 Nov 2020
Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron
Security

Weekly threat roundup: VMware, GitHub, Facebook, and MobileIron

26 Nov 2020
Egregor ransomware could take up where Maze left off
Security

Egregor ransomware could take up where Maze left off

26 Nov 2020

Most Popular

80% of cyber professionals say the Computer Misuse Act is working against them
Security

80% of cyber professionals say the Computer Misuse Act is working against them

20 Nov 2020
Cisco acquires container security startup Banzai Cloud
Security

Cisco acquires container security startup Banzai Cloud

18 Nov 2020
350,000 Spotify users hacked in credential stuffing attack
Security

350,000 Spotify users hacked in credential stuffing attack

24 Nov 2020