
0day flaw in Firefox 3.6


A RUSSIAN insecurity outfit has managed to create a zero day exploit for Firefox 3.6 under Windows.

The exploit allows attackers to remotely gain control of a Windows PC thanks to a previously unknown flaw in the Windows version of the Firebadger 3.6 browser software.

Intevydis develops the commercial VulnDisco add-on for the Canvas exploit toolkit that's marketed by the vendor Immunity.

Writing at the company's online forum, Intevydis developer Evgeny Legerov said that his exploit for Windows XP (SP3) and Vista is quite reliable. He said it was an interesting challenge to find the buffer overflow flaw and work out a way to exploit it.

The Mozilla Foundation knows about the exploit but has not made an official statement on it yet and has not released a patch for Firefox 3.6 so far. Secunia says the problem is critical.

It is not clear whether the exploit was behind an increase in the number of Firefox 3.6 crashes that was noted on February 12th and 13th. While those might not have been caused by a real life exploit, they could have been due to the exploit being tested.

Source: theinquirer
