Mozilla kills Firefox Pwn2Own bug

Mozilla has won the race among browser makers to fix code execution holes exploited during this year's CanSecWest Pwn2Own hacker contest.The open-source group today shipped Firefox 3.

Mozilla has won the race among browser makers to fix code execution holes exploited during this year's CanSecWest Pwn2Own hacker contest.

The open-source group today shipped Firefox 3.0.8 with fixes for two separate vulnerabilities, including a drive-by download issue used by a hacker named "Nils" to win the Pwn2Own competition.  The update also fixes a zero-day flaw released earlier this week on a public exploit site. Both issues are rated "critical," Mozilla's highest severity rating.

[ SEE: Nils2Own: 'I want to see security flaws fixed' ]

The skinny:

  • MFSA 2009-13: Security researcher Nils reported via TippingPoint's Zero Day Initiative that the XUL tree method _moveToEdgeShift was in some cases triggering garbage collection routines on objects which were still in use. In such cases, the browser would crash when attempting to access a previously destroyed object and this crash could be used by an attacker to run arbitrary code on a victim's computer. This vulnerability does not affect Firefox 2, Thunderbird 2, or released versions of SeaMonkey.
  • MFSA 2009-12: Security researcher Guido Landi discovered that a XSL stylesheet could be used to crash the browser during a XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer. This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability.

ALSO SEE: Exploit code sends Mozilla scrambling to fix Firefox

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All