February 23, 2010

Serious vulnerability in the latest Firefox

Attack code included in Russian "burglary tools".
The Russian company Intevydis is said to have developed attack code that exploits, among other things, a previously unknown vulnerability in Mozilla's Firefox 3.6 for Windows.
This code is said to be included in VulnDisco Professional Pack, a collection of attack code that the Russian company sells. The attack code can be used in a "burglary tool" called Immunity Canvas.
According to the Danish security company Secunia, exploiting the vulnerability allows arbitrary code to be executed on the system. Other versions of Firefox may also be affected.
Firefox users are now advised to avoid untrusted or unknown links and websites.

Some of the first references to this vulnerability, as well as to similar vulnerabilities in Lotus Notes 8.5 and RealPlayer 11, are available in this forum.

Many additional cases of Firefox crashing are said to have been detected on 12 and 13 February this year. Some suspect that this may be due to testing of the attack code on different sites.
Evgeny Legerova, founder of Intevydis, said earlier this year that his company will, as a rule, no longer notify software vendors about vulnerabilities it may find.
The reason is said to be, first and foremost, a lack of reward for the effort. Mozilla is admittedly among the software providers that often give money to security researchers who have found serious vulnerabilities in the foundation's software.
At the same time, Legerova promised to reveal a number of vulnerabilities in server software, especially database systems. Since then, many such vulnerabilities have been described in this blog.
