AfterDawn: Tech news

Russian researcher releases attack code for Firefox 3.6 flaw

Written by James Delahunty @ 20 Feb 2010 5:37

A Russian researcher has released attack code to exploit a critical vulnerability found in Mozilla's latest version of the Firefox web browser. The code triggers a heap corruption vulnerability in the open-source browser that can allow attackers to execute malicious code remotely. He added it as a module to Vulndisco, which is an add-on for the Immunity Canvas automated exploitation system sold to security professionals.
"We've played a lot with it in our labs - it was very reliable," Evgeny Legerov, founder of Moscow-based Intevydis, told The Register. "Works against the default install of Firefox 3.6. We've tested it on XP and Vista." Mozilla issued Firefox 3.5.7 (for those who haven't upgraded to Firefox 3.6 yet) during the week to address security concerns, one of which was described as a heap corruption vulnerability.

Legerov said, however, that the bug fixed by Firefox 3.5.7 is not the one he is exploiting in the lab. The exploit is currently available only to security researchers who pay a fee, but details of the attack could spread with time.

"Mozilla takes all security vulnerabilities seriously, and have as yet been unable to confirm the claim of an exploit. We value the contributions of all security researchers and encourage them to work within our security process, responsibly disclosing vulnerabilities to ensure the highest level of security and best outcome for users," Mozilla said in a statement.
