0-Day Exploit for Critical Firefox Vulnerability
The release of proof-of-concept exploit code for an unresolved critical bug that allows for remote arbitrary code execution on the latest stable version of Mozilla Firefox has put developers on alert. A fix will be included in the 3.0.8 version of the browser, which is scheduled for release in a few days.
The vulnerability is described on SecurityFocus as a “Boundary Condition Error” and allows an attacker to execute potentially malicious code by calling a malformed XML file from a Web page. Parsing a specially crafted “root” XML tag in an XSL file results in a memory-corruption error.
These drive-by types of attacks have become the weapon of choice for many of today’s malware distributors. Cross-site scripting (XSS) weaknesses are used to inject rogue exploit-serving IFrames into legitimate pages. These exploits target vulnerabilities in popular software such as Adobe Reader, Flash Player, or the browsers themselves.




