CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 14th, 2009

Unpatched Memory Corruption Flaw In Latest Firefox 3.5 Can Install Malware

An unpatched memory corruption flaw in the latest version of Firefox creates a means for hackers to drop malware onto vulnerable systems.

Security notification firm Secunia reports that the security bug (which it describes as extremely critical) stems from errors in handling JavaScript code. The flaw has been confirmed in the latest 3.5 version of Firefox, released in late June.

Older versions of the popular alternative browser might also be affected, Secunia warns.

Exploit code has been uploaded onto recently revived security exploit website milw0rm, a factor that could hasten the development of more attack code.

Secunia advises Firefox users to avoid browsing untrusted websites or following untrusted links pending the availability of a fix from Mozilla (there’s nothing in the pipeline just yet).

The appearance of an unpatched vulnerability in Firefox could hardly have come at a worse time because it coincides with confirmation from Microsoft on Monday of a second unpatched ActiveX flaw affecting users of its Internet Explorer software.

Only one of these two security bugs is likely to be fixed later on Tuesday, when Microsoft publishes its monthly Patch Tuesday update. That prompted some security researchers, including those at the SANS Institute’s Internet Storm Centre, to consider the use of an alternative browser on the grounds of security.

Selecting Firefox over IE when both have unresolved security problems fails to make much sense, leaving Windows users looking for more secure surfing software alternatives with a choice limited to Opera, Safari and Google Chrome.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Serious Security Flaw In Firefox 3.0.7, Exploit Already Available
  • Attack Code For Mozilla’s Firefox Zero-day Vulnerability Released By Researcher
  • Mozilla Fixes 12 Security Vulnerabilities In Firefox 2.0.0.15
  • Critical Memory Flaws Fixed By Mozilla In Firefox 3.0.7
  • Numerous Securty Vulnerabilities Patched In Firefox 3.0.5

    • Posted in Malware, Vulnerabilities, Windows | Print This Post Print This Post

    This entry was posted on Tuesday, July 14th, 2009 at 7:36 am and is filed under Malware, Vulnerabilities, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Unpatched Memory Corruption Flaw In Latest Firefox 3.5 Can Install Malware

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »