No. 1 Story
ACCC clears Optus to scrap HFC network and use NBN instead
The ACCC has cleared, provisionally, the proposed deal between Optus and NBN Co under which Optus is to be paid around $800m to shut down its HFC network and transfer customers onto the NBN. read moreRelated Articles
Firefox, zeroday, exploit, revealedMore From
Firefox 3.5 zero-day exploit revealed
Stephen Withers
Wednesday, 15 July 2009 03:18
According to the Denmark-based company, "The vulnerability is caused due to an error when processing JavaScript code handling e.g. 'font' HTML tags and can be exploited to cause a memory corruption."
The vulnerability was originally disclosed by Simon Berry-Brown via milw0rm.com. His proof of concept appears to open the calculator on Windows systems.
According to SecurityFocus, the proof of concept works on Windows XP SP2 but simply causes a crash under SP3.
Judging by a discussion on Mozilla's Bugzilla bug-tracking system, this issue relates to a bug that had already been identified and fixed by the time Berry-Brown revealed his exploit, although the fix has yet to be incorporated into a released version of the open-source browser.
Firefox 3.5.1 was expected this month. The appearance of the proof of concept may spur an early release, even if some other known bugs remain unfixed.
According to some reports, the Noscript extension provides protection against this issue. Noscript can be used to allow the execution of JavaScript only if it originates from a trusted site.
You think you have a disaster recovery plan?
Think again. Most businesses only have PART of a DR plan - and this spells business disaster in the event of an IT disaster.
Download The Seven Sins of Disaster Recovery White Paper now and find out how you can prevent this happening to you.
