Firefox Exploit Ventures Into The Wild
Date: Saturday, September 24 @ 02:21:50 CEST
Topic: Security


An exploit for the just-patched IDN bug in Mozilla's Firefox browser and namesake suite has been published on the Internet, a French security vendor said late Thursday. The hack creates a heap buffer overflow, and when it works, can give the user complete control of a vulnerable machine running Firefox, Mozilla, or even Netscape.

FrSIRT warned users of Firefox and Mozilla that the exploit code -- which FrSIRT published in its entirety, a not-uncommon practice for the firm -- should be considered a critical risk.

Tuesday, Mozilla patched the Firefox browser against the bug in its support of international domain names (IDN). Thursday, it followed up with a similar fix for the Mozilla suite in its Windows, Linux, and Mac OS X incarnations. Netscape, however, has not yet patched that browser.

Firefox 1.0.7 and Mozilla 1.7.12, which stymie the exploit, can be downloaded from the Mozilla site.

Source: informationweek.com/story/showArticle...







This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=4738