Mozilla Firefox 3.0 Vulnerability

Started by Corrine, June 19, 2008, 12:06:15 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Corrine

DVLabs
QuoteWhat we can confirm is that about five hours after the official release of Firefox 3.0 on June 17th, our Zero Day Initiative program received a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page.(Bold added)

C|Net
QuoteMozilla is reported to be working on a fix.

The Zero Day Initiative has been criticized in the past for paying researchers who find vulnerabilities.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

techie

So, this is not just limited to the 3.0 version only and as well all previous 2.0 version releases are affected with the same problem?

Corrine

Correct, 2.0.x and 3.0 are affected. 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.