March 26th, 2009

Exploit code sends Mozilla scrambling to fix Firefox

Posted by Ryan Naraine @ 6:48 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Firefox, Hackers, Malware, Metasploit, Mozilla, Open source, Passwords, Patch Watch, Research, Responsible disclosure, Vulnerability research, Zero-day attacks

Tags: Mozilla Firefox, Exploit Code, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

[ UPDATE:  Mozilla has shipped a patch for this vulnerability ]

Mozilla’s security response team is scrambling to ready a patch for what appears to be a serious security flaw affecting its flagship Firefox browser.

The vulnerability, released alongside proof-of-concept code on several security sites, could lead to malicious code execution attacks if a Firefox user is lured to a Web site rigged with exploits.  It affects all versions of the open-source browser, including the newest Firefox 3.0.7.

According to this advisory, the issue is a boundary condition error.

  • An attacker can exploit this issue to execute arbitrary code within the context of the affected browser. Failed exploit attempts will result in a denial-of-service condition.

Mozilla has started an investigation of the issue, which is described in a bug report as “critical.”

  • Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk (and presumably 1.9.1, didn’t test). Null, but it’s being called, assuming the worst for the moment.

Rob McMillan is reporting that Firefox 3.0.8 will be released sometime next week with a fix for this vulnerability.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


Talkback

Most recent of 88 Talkback(s):

Real reason for quick fix
The flaw had been reported, and a patch had been written and reviewed - back in November. Somebody dropped the ball, or this vulnerability would have been patched long before there was an exploit fo...
Posted by: Greenknight_z Posted on: 03/31/09