- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Online attack code has been released targeting a critical, unpatched flaw in the Firefox browser.
Slideshow: 10 Firefox add-ons for better browsing
The attack code, written by security researcher Guido Landi was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user's machine.
Mozilla developers have already worked out a fix for the vulnerability. It's slated to ship in the upcoming 3.0.8 release of the browser, which developers are now characterizing as a "high-priority firedrill security update," thanks to the attack code. That update is expected sometime early next week.
"We... consider this a critical issue," said Mozilla Director of Security Engineering Lucas Adamski in an e-mail.
The bug affects Firefox on all operating systems, including Mac OS and Linux, according to Mozilla developer notes on the issue.
By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorized software on a victim's system. This kind of Web-based malware, called a drive-by download, has become increasingly popular in recent years.
While the public release of browser attack code doesn't happen all that often, security researchers don't seem to have much trouble finding bugs in browser software. Last week, two hackers at the CanSecWest security conference dug up four separate bugs in the Firefox, IE and Safari browsers.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (7)
does the noscript plug in work against this bug?By Anonymous on March 26, 2009, 6:29 amdoes the noscript plug in work against this bug?
Reply | Read entire comment
no, it doesn'tBy Anonymous on March 26, 2009, 2:19 pmno, it doesn't
Reply | Read entire comment
FirefoxBy Anonymous on March 26, 2009, 8:19 pmSadly, the Firefox quality has gone out the window. I can't stand using them now. How stupid, it won't let go of the last site visited and opens in tabs when the...
Reply | Read entire comment
unknown addressBy Anonymous on March 26, 2009, 10:14 pmmany times when i click an address in my firefox, it says cannot connect, but when i hit the retry button it always connects....... solutions???????
Reply | Read entire comment
i supose ns doesnt helpBy Anonymous on March 27, 2009, 4:31 amsince it's not js,flash and so on i assume that the problem is in xml parsing
Reply | Read entire comment
Benefits vs. security flawsBy roccotool on March 27, 2009, 6:38 amSay what you want, but Firefox is miles ahead of IE regarding security flaws and ease of use. One or two minor complaints doesn't make it a bad browser. I will continue...
Reply | Read entire comment
View all comments