First Zero Day Exploit for Firefox 3.5

[nsane.forums]

The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause of the problem is a buffer overflow when processing specially prepared Font tags.

The Mozilla Foundation has been informed about the problem, but so far has not responded to queries by heise Security. An update does not currently exist. So far there are no reports of sites on the internet being first to use the hole for active infections and exploitation of Windows PCs. Since the published exploit uses PC heap spraying under JavaScript, disabling JavaScript should act as a stop gap. When the exploit was tested with Windows 7 RC1, after a short time, the browser displayed a dialogue offering to abort the script.

View: Original Article

[Bizarre™]

I think one should be fine if they have NoScript installed :lol:

[Lite]

Mozilla has acknowledged that there is a critical JavaScript vulnerability in its Firefox 3.5 web browser and that it's currently working on an update to address the problem

View: Original Article

[LoKz]

Mozilla has acknowledged that there is a critical JavaScript vulnerability in its Firefox 3.5 web browser and that it's currently working on an update to address the problem

View: Original Article

Thank you for the news Lite... :) Google Chrome looks good.... :ph34r:

[donizme]

Even when Firefox has a vulnerability, nobody bothers to exploit it. I can't remember the last time Firefoix was being widely exploited. I can though for IE (quite a few), and I can remember something about Chrome, but not sure... ;)