Serious Security Flaw In Firefox 3.0.7, Exploit Already Available
Mozilla’s security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser. The remote memory corruption vulnerability affects Firefox’s XSL parsing of the ‘root’ XML tag.
The vulnerability, disclosed alongside proof-of-concept code on several security sites, could lead to malicious code execution attacks if a Firefox user is lured to a Web site rigged with exploits. It affects all versions of the open-source browser, including the newest Firefox 3.0.7.
According to a SecurityFocus advisory, an attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition.
Mozilla has started an investigation of the issue, which is described in a bug report as “critical.” Firefox 3.0.8 will be released sometime next week with a fix for this vulnerability.
Credit: ZDNet Security Blogs