Attack code posted for unpatched Firefox 3.5 flaw


	Attack code posted for unpatched Firefox 3.5 flaw

merrie

7-15-2009 9:45 PM

212 views

tags:

"highly critical" vulnerability, firefox 3.5, "noscript" firefox addon

merrie says:

July 14th, 2009 Mozilla’s security response team is scrambling to respond to the release of exploit code

A zero day exploit (Firefox 3.5 Heap Spray Vulnerability) affecting Mozilla’s latest Firefox release has been published in the wild. Through an error in the processing of JavaScript code in ‘font tags’ malicious attackers could achieve arbitrary code execution and install malware on the affected hosts.

There’s no indication of its use on a global scale just yet, however due to the fact that the PoC is now public, it shouldn’t take long before cybercriminals embed it within the diverse exploits set of their web malware exploitation kits, allowing it to scale.

2 Comments |

Add a Comment

7-15-2009 9:54 PM

merrie

More details on the mitigation and the exploit itself:

“Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Windows XP SP3.”

Additional testing courtesy of heise Security indicates the exploit crashed Firefox under Vista, and that when tested under Windows 7 RC1 a dialog a...

7-16-2009 12:35 AM

The Infowarrior

Thanks for the heads up

7-16-2009 12:39 AM

merrie

You're welcome Infowarrior

Login to Comment. Not a member yet? Sign up

Today's Top Clips

visit the Top Clips page

View the Top Clips from July 15, 2009

Embed This Clip In Your Site...

<div style="margin: 12px 0px; font-family: arial; color: #333333; background: #ffffff; border: solid 4px #e5e5e5; width: 100%; clear: left;"><div class="CM_CTB_Content_Wrap" style="margin: 0px; padding: 0px;background-color:#e5e5e5;"><div style="border-bottom: solid 1px #dcdcdc; white-space: nowrap; margin-bottom: 8px; background-color: #eeeeee ;background-image: url(http://clipmarks.com/images/source-bg.gif); background-repeat: repeat-x; height: 24px; line-height: 24px; vertical-align: middle; padding-bottom: 4px; color: #666666; font-size: 10px;" ><a href="http://clipmarks.com/clip-to-blog/" title="see clips that are hot right now"><img src="http://content.clipmarks.com/blog_embed/5caced06-1958-4f31-bedb-1a0a4d608dc9/B16AD059-F5E3-406A-97B6-1ADA580A0711/" alt="" width="19" height="19" border="0" style="vertical-align: middle; margin: 0px 4px; display: inline; border: none; float:none;" /></a>clipped from <a title="http://blogs.zdnet.com/security/?p=3749" href="http://blogs.zdnet.com/security/?p=3749" style="font-size: 11px;">blogs.zdnet.com</a></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=3749"><P><A href="http://blogs.zdnet.com/security/?p=3749"><IMG height="120" width="100" alt="" src="http://i.zdnet.com/blogs/firefox3_logo.png" title="firefox3_logo" class="size-full wp-image-3012 alignleft" /></A>Mozilla’s security response team is scrambling to respond to the release of exploit code for a gaping hole in the latest version of its flagship Firefox browser.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=3749"><P>The flaw, rated “highly critical by Secunia, puts millions of Firefox users at risk of remote code execution attacks.</p> <P><SPAN id="more-3749"></SPAN></p> <P>The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption.</P></blockquote><div style="height: 2px; font-size: 2px; background: #dcdcdc; border-bottom: solid 1px #f5f5f5; margin: 2px 4px;"></div><blockquote style="text-align: left; padding: 0px 8px; margin: 4px 0px 8px 0px; background: transparent; border: none;" cite="http://blogs.zdnet.com/security/?p=3749"><P>Successful exploitation allows execution of arbitrary code.</p> <P>The vulnerability is confirmed in version 3.5. Other versions may also be affected.</p> <P>Exploit code has been <A href="http://www.milw0rm.com/exploits/9137">published at Milw0rm</A>.</p> <P>In the absence of a fix, Firefox users and administrators should immediately disable JavaScript.   The US-CERT has a valuable document (<A  href="http://www.us-cert.gov/reading_room/securing_browser/#Mozilla_Firefox">Securing Your Web Browser</A>) with instructions to  help mitigate the risks associated with browser vulnerabilities.</P></blockquote></div><div style="margin: 0px 6px 6px 4px;"><table style="font-size: 11px;border-spacing: 0px;padding: 0px;" cellpadding="0" cellspacing="0" width="100%"><tr><td style="background:transparent;border-width:0px;padding:0px;">&nbsp;</td><td align="right" style="background:transparent;border-width:0px;padding:0px;width:107px" width="107"><a href="http://clipmarks.com/share/B16AD059-F5E3-406A-97B6-1ADA580A0711/blog/" title="blog or email this clip"><img src="http://content7.clipmarks.com/images/c2b-foot.png" border="0" alt="blog it" width="107" height="17" style="border-width:0px;padding:0px;margin:0px;" /></a></td></tr></table></div></div>

New from the makers of Clipmarks: Amplify.com - Don't just share the news...Amplify it!

Clipmarks: Home; New Clips; Top Clips; Dashboard

Popular Topics: News; Life; Science; Technology; Entertainment

Get Started: Sign Up; Install Clipping Tool; How Clipping Works; Clip-to-Blog™; ClipSearch

Tools and Resources: FAQ; ClipWeek; Top Clippers; Top Tags; Site Map

About Clipmarks: About Us; Contact; Copyright; Privacy; EULA

Search Options

Today's Top Clips