6
Attack code posted for unpatched Firefox 3.5 flaw
July 14th, 2009
Mozilla’s security response team is scrambling to respond to the release of exploit code
A zero day exploit (Firefox 3.5 Heap Spray Vulnerability) affecting Mozilla’s latest Firefox release has been published in the wild. Through an error in the processing of JavaScript code in ‘font tags’, malicious attackers could achieve arbitrary code execution and install malware on the affected hosts. There’s no indication of its use on a global scale just yet; however, due to the fact that the PoC is now public, it shouldn’t take long before cybercriminals embed it within the diverse exploits set of their web malware exploitation kits, allowing it to scale.
1
Mozilla released Firefox 3.0.7
Security Advisories of Mozilla:
* MFSA 2009-11 URL spoofing with invisible control characters
* MFSA 2009-10 Upgrade PNG library to fix memory safety hazards
* MFSA 2009-09 XML data theft via RDFXMLDataSource and cross-domain redirect
* MFSA 2009-08 Mozilla Firefox XUL Linked Clones Double Free Vulnerability
* MFSA 2009-07 Crashes with evidence of memory corruption (rv:1.9.0.7)
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.7
0
Firefox Tops List Of 12 Most Vulnerable Apps
According to application whitelisting vendor Bit9, Firefox topped the list of 12 widely deployed desktop applications that suffered through critical security vulnerabilities in 2008. These flaws exposed millions of Windows users to remote code execution attacks.
0
Firefox / Seamonkey HTTP Referer Vulnerability
This issue relates to Cross-site Request Forgeries. One countermeasure is for the authenticating web site to check the HTTP Referer header to ensure the request is coming from an authorized site. This vulnerability permitted an attacker to delay the loading of the attack script until the intended (permitted) referring page was loaded, which would circumvent HTTP Referer checks to prevent CSRF.
Solution: Update to Firefox 2.0.0.10 and latest version of SeaMonkey.
See next post for explanation of CSRF (aka XSRF)
0
Firefox 2.0.0.3 - Wassup?
I have to wonder about this myself as my computer downloaded this fix twice and after the first automatic update installed, something went awry to the extent that it looks like the problem they were trying to fix. Not happy. Don't appreciate my computer telling me that some .dll was moved to memory and replaced something else that should be where it is no longer. Confused? So am I.
0
Firefox still more secure than IE
Though the author seems to go out of his way to praise Microsoft and make Firefox look bad, he was forced to admit that Mozilla patches vulnerabilities faster than Microsoft. Then if you stop looking at irrelevant stats like how many vulnerabilities are discovered in a given length of time and start looking at how many vulnerabilities remain unpatched now and how severe they are, FF comes out on top by a long shot (4 vs. 18, Less Critical vs. Moderately Critical according to Secunia.com). And that's a pretty good showing by Microsoft, who usually can be counted on to leave an Extremely Critical flaw unpatched for months at a time.
5
Firefox Password Bug
An important security alert, as this bug is actually being exploited. If you enjoy ill-informed debates about browser security, you can go to the site and read the comments thread.