Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43431
  • Total Topics: 16526
  • Online today: 2965
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 2
Guests: 2962
Total: 2964









Author Topic: Firefox Patches Zero-day, Hacking Contest Bugs  (Read 3247 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Firefox Patches Zero-day, Hacking Contest Bugs
« on: 28. March 2009., 18:53:32 »


Just days after a hacker released code that could be used to attack the Firefox browser, Mozilla developers have a fix.

They released an updated 3.0.8 version of their flagship browser Friday afternoon, just two days after the code was posted to the Milw0rm Web site: http://www.mozilla.com/en-US/firefox/3.0.8/releasenotes/

This update also fixes a bug disclosed to research firm TippingPoint last week by a hacker who used it to win the company's Pwn2Own contest at the CanSecWest security conference. It was one of three used by a German hacker, who gave only his first name, Nils, to claim US$15,000 in cash and a laptop as prizes.

Mozilla developers had described the release as a "high-priority firedrill security update" thanks to the attack code, known as a "zero day" exploit. The quick work paid off, as they had expected it to take until early next week to complete testing.

Mozilla says both bugs are "critical."

Nils' flaw exploited a bug in a Firefox routine known as method _moveToEdgeShift. He used it to hack the browser running on Mac OS X, but it could affect other platforms as well.

The other flaw, which has to do with the way the browser processes XSL (Extensible Stylesheet Language) stylesheets, affects Firefox on all operating systems, and also affects the Seamonkey Internet application.

Both of these bugs could be triggered by tricking a victim into viewing a maliciously coded Web page, which would then allow an attacker to install unauthorized software on a victim's system. This kind of Web-based malware, called a drive-by download, has become increasingly popular in recent years.

Firefox's next update, 3.0.9, is set to be released April 21.

(PCW)

Samker's Computer Forum - SCforum.info

Firefox Patches Zero-day, Hacking Contest Bugs
« on: 28. March 2009., 18:53:32 »

mashed

  • SCF Member
  • **
  • Posts: 63
  • KARMA: 10
  • Gender: Male
    • Stressed
Re: Firefox Patches Zero-day, Hacking Contest Bugs
« Reply #1 on: 29. March 2009., 19:58:31 »
nice quick turn around on the bug fixes :)

Samker's Computer Forum - SCforum.info

Re: Firefox Patches Zero-day, Hacking Contest Bugs
« Reply #1 on: 29. March 2009., 19:58:31 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023