By Thomas Claburn July 14, 2009
US-CERT on Tuesday warned about vulnerability in the new Firefox 3.5 browser that could allow a remote attacker to execute malicious code. Proof-of-concept exploit code was posted Monday on Milw0rm.com, an exploit code aggregation site, so it's likely that the vulnerability is being actively exploited. The vulnerability, discovered by Simon Berry-Byrne, is related to the way Firefox 3.5 processes JavaScript code. Mozilla has acknowledged the vulnerability and has a fix that's being tested. "The vulnerability can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code," the company said on its security blog. "The vulnerability can be mitigated by disabling the JIT in the JavaScript engine.
Read more here -->Link
No comments:
Post a Comment