|
awenlock -> Firefox, 2.x & 3.x, Code Execution Vulnerability (6/19/2008 11:20:13 AM)
|
Details have been emerging over the last day or so regarding a new, 0-Day, vulnerability that has been found in Firefox. Although a lot of press has highlighted that this affects the new 3.0 version that came out on Tuesday its important to note that this also affects the older 2.x versions too.
Quote:
A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code e.g. when a user visits a specially crafted web page. The vulnerability is reported in versions 3.0 and 2.0.x. Other versions may also be affected.
At the moment there is no fix for this but word is that Mozilla are currently working on this issue and whilst they work on this fix there are no exact details of the vulnerability being published.
Links:
Secunia: http://secunia.com/advisories/30761/
FrSIRT: http://www.frsirt.com/english/advisories/2008/1873
TheRegister: http://www.theregister.co.uk/2008/06/19/firefox3_bugs/
Regards
Alan
|
|
|
|
