CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 26th, 2009

Serious Security Flaw In Firefox 3.0.7, Exploit Already Available

Mozilla’s security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser. The remote memory corruption vulnerability affects Firefox’s XSL parsing of the ‘root’ XML tag.

The vulnerability, disclosed alongside proof-of-concept code on several security sites, could lead to malicious code execution attacks if a Firefox user is lured to a Web site rigged with exploits. It affects all versions of the open-source browser, including the newest Firefox 3.0.7.

According to a SecurityFocus advisory, an attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition.

Mozilla has started an investigation of the issue, which is described in a bug report as “critical.” Firefox 3.0.8 will be released sometime next week with a fix for this vulnerability.

Credit: ZDNet Security Blogs
