
July 16th, 2009

Mozilla, Google plug high-risk browser holes

Posted by Ryan Naraine @ 9:38 pm

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Firefox, Google, Google Chrome, Hackers, Mozilla, Open source, Passwords, Patch Watch, Responsible disclosure, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Google Inc., Mozilla Firefox, Vulnerability, Web Browser, JIT, Mozilla Corp., Web Browsers, Security, Internet, Ryan Naraine

Just 48 hours after the release of exploit code targeting a zero-day vulnerability in Firefox 3.5, Mozilla’s security response team has rushed out a patch to protect users from code execution attacks.

With Firefox 3.5.1, rated a “critical” update, the open-source group corrects a browser crash that could result in an exploitable memory corruption problem.

[ SEE: Attack code posted for unpatched Firefox 3.5 flaw ]

Mozilla explains:

In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.

We would like to thank community members Lucas Kruijswijk and Nochum Sossonko for isolating the problematic script from the original crashing site.

This vulnerability does not affect earlier versions of Firefox which do not support the JIT feature.

Separately, a new version of Google Chrome was released to patch a pair of security flaws that could allow malicious code execution if a Chrome user simply surfs to a booby-trapped Web page.

The skinny from Google:

Evaluating a specially-crafted regular expression in Javascript on a web page can lead to memory corruption and possibly a heap overflow. Visiting a maliciously crafted website may lead to a renderer (tab) crash or arbitrary code execution in the Google Chrome sandbox.

Google is withholding full details on the vulnerability, which is rated “high risk.”

The second vulnerability could allow a compromised renderer (tab) process to cause the browser process to allocate very large memory buffers.

This error could cause the browser process (and all tabs) to crash or possibly allow arbitrary code execution with the privileges of the logged on user. To exploit this vulnerability, an attacker would need to be able to run arbitrary code inside the renderer process.

Google rates this issue as “critical” and warns that it could be used in tandem with another vulnerability to run code with the privileges of the logged on user.

Mozilla and Google both ship patches to users via the browser’s built-in updating mechanism.
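
The second Chrome issue above comes down to a privileged process acting on a size supplied by a less-trusted one. As an added illustration (not Chrome code and not from the article), this sketch shows a broker validating an allocation request before any memory is reserved; the message layout, the 64 MiB cap and all function names are assumptions.

```cpp
// Added illustration, not Chrome source; wire format, cap and names are assumptions.
#include <cstddef>
#include <cstdint>
#include <vector>
// Hypothetical renderer message: uint32 count | uint32 elem_size | payload bytes
constexpr size_t kHeaderSize = 8;
constexpr uint64_t kMaxBufferBytes = 64ull * 1024 * 1024;  // assumed policy cap
enum class Verdict { kOk, kTruncated, kZeroSized, kTooLarge, kLengthMismatch };

static uint32_t ReadU32LE(const uint8_t* p) {
  return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Runs in the privileged process; every header field is attacker-controlled.
Verdict ValidateRequest(const uint8_t* msg, size_t len, uint64_t* bytes) {
  if (len < kHeaderSize) return Verdict::kTruncated;
  const uint64_t count = ReadU32LE(msg);
  const uint64_t elem = ReadU32LE(msg + 4);
  if (count == 0 || elem == 0) return Verdict::kZeroSized;
  // Two 32-bit values multiplied in 64 bits cannot wrap, so the cap sees the true size.
  const uint64_t total = count * elem;
  if (total > kMaxBufferBytes) return Verdict::kTooLarge;
  // The claimed size must equal the payload bytes actually received.
  if (total != len - kHeaderSize) return Verdict::kLengthMismatch;
  *bytes = total;
  return Verdict::kOk;
}

// Copies the payload into a fresh buffer only after validation succeeds.
bool CopyPayload(const uint8_t* msg, size_t len, std::vector<uint8_t>* out) {
  uint64_t bytes = 0;
  if (ValidateRequest(msg, len, &bytes) != Verdict::kOk) return false;
  out->assign(msg + kHeaderSize, msg + kHeaderSize + bytes);
  return true;
}

// Builds a constructed sample message (header fields little-endian, filler payload).
std::vector<uint8_t> BuildMessage(uint32_t count, uint32_t elem, size_t payload) {
  std::vector<uint8_t> m(kHeaderSize + payload, 0xAB);
  for (int i = 0; i < 4; ++i) {
    m[i] = uint8_t(count >> (8 * i));
    m[4 + i] = uint8_t(elem >> (8 * i));
  }
  return m;
}

int main() {
  std::vector<uint8_t> out, bad = BuildMessage(0x10000, 0x10000, 16);
  return CopyPayload(bad.data(), bad.size(), &out) ? 1 : 0;  // 0: request rejected
}
```

The `0x10000 * 0x10000` request is the instructive case: in 32-bit arithmetic the product wraps to zero and would pass a naive size check, while the 64-bit product is caught by the cap.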

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.

