On TV.com: Hope for HEROES Now
BNET Business Network:
BNET
TechRepublic
ZDNet

March 27th, 2009

Mozilla kills Firefox Pwn2Own bug

Posted by Ryan Naraine @ 5:13 pm

Categories: Apple, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Firefox, Mozilla, Open source, Patch Watch, Responsible disclosure, Vulnerability research

Tags: Mozilla Firefox, Vulnerability, Mozilla Corp., Community Member, Web Browsers, Security, Internet, Ryan Naraine

Mozilla has won the race among browser makers to fix code execution holes exploited during this year’s CanSecWest Pwn2Own hacker contest.

The open-source group today shipped Firefox 3.0.8 with fixes for two separate vulnerabilities, including a drive-by download issue used by a hacker named “Nils” to win the Pwn2Own competition.  The update also fixes a zero-day flaw released earlier this week on a public exploit site. Both issues are rated “critical,” Mozilla’s highest severity rating.

[ SEE: Nils2Own: 'I want to see security flaws fixed' ]

The skinny:

  • MFSA 2009-13: Security researcher Nils reported via TippingPoint’s Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim’s computer. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.
  • MFSA 2009-12: Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim’s computer. This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre’s findings to Mozilla, and Mozilla community member Martin helped reduce Andre’s original testcase and contributed a patch to fix the vulnerability.

ALSO SEE: Exploit code sends Mozilla scrambling to fix Firefox

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 15 Talkback(s)
Then why is it that....
Firefox patches WORK and Microsoft patches break things??

The excuse doesn't matter - getting the fix out quick matters.

Are we supposed to excuse Microsoft because they are an 800-lb-gorilla so bogged down with RED TAPE that they can't adequately protect their customers??

... (Read the rest)
Posted by: maggietoo9 Posted on: 04/05/09 You are currently: a Guest | | Terms of Use
O.K patched version installed  javajunkie@... | 03/27/09
FYI,  sqr(cos(180)) | 03/30/09
Of course  Greenknight_z | 03/31/09
RE: Mozilla kills Firefox Pwn2Own bug  NStalnecker | 03/27/09
Mozilla Foundation did a great job ...  nbrito | 03/28/09
Ubuntu update already available  eMJayy | 03/28/09
RE: Mozilla kills Firefox Pwn2Own bug  Linux User 147560 | 03/28/09
MS simply cannot compete with that level of responsiveness to bug fixing. n  T1Oracle | 03/29/09
Yea that is because...  Qbt | 03/29/09
The trick is called "modular design"...  Zogg | 03/30/09
Aw, jealous?  hasta la Vista, bah-bie | 03/31/09
"... they have to test their software properly."  oldbaritone | 03/31/09
Then why is it that....  maggietoo9 | 04/05/09
Why am I not surprised?  masonwheeler | 03/30/09
RE: Mozilla kills Firefox Pwn2Own bug  hopped | 03/30/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement
Click Here

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here