iTWire - Firefox 3.5 zero-day exploit revealed

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Firefox 3.5 zero-day exploit revealed

Firefox 3.5 zero-day exploit revealed

E-mail

by Stephen Withers
Wednesday, 15 July 2009
A 'highly critical' flaw has been revealed in Firefox 3.5. Featured Whitepaper 5 Best Practices for Smartphone Support Secunia and other organisations are warning of a vulnerability in Firefox 3.5 that can allow the execution of arbitrary code. According to the Denmark-based company, "The vulnerability is caused due to an error when processing JavaScript code handling e.g. 'font' HTML tags and can be exploited to cause a memory corruption." The vulnerability was originally disclosed by Simon Berry-Brown via milw0rm.com. His proof of concept appears to open the calculator on Windows systems. According to SecurityFocus, the proof of concept works on Windows XP SP2 but simply causes a crash under SP3. Judging by a discussion on Mozilla's Bugzilla bug-tracking system, this issue relates to a bug that had already been identified and fixed by the time Berry-Brown revealed his exploit, although the fix has yet to be incorporated into a released version of the open-source browser. Firefox 3.5.1 was expected this month. The appearance of the proof of concept may spur an early release, even if some other known bugs remain unfixed. According to some reports, the Noscript extension provides protection against this issue. Noscript can be used to allow the execution of JavaScript only if it originates from a trusted site. Tags See All Tags Browser Browsers Exploit Firefox JavaScript Mozilla Security Software Stephen Withers Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking