Mozilla plugs Firefox drive-by-download zero-day

Mozilla has quickly rushed out a Firefox security patch to provide cover for a zero-day flaw that was being exploited in drive-by malware downloads.

The patch, rated "critical," fixes a buffer overflow issue that was under attack at the Nobel Peace Prize web site.

Here is the description of the vulnerability:

Morten Kråkvik of Telenor SOC reported an exploit targeting particular versions of Firefox 3.6 on Windows XP that Telenor found while investigating an intrusion attempt on a customer network. The underlying vulnerability, however, was present on both the Firefox 3.5 and Firefox 3.6 development branches and affected all supported platforms.

The open-source group said the flaw was a buffer overflow mixing document.write and DOM insertion.

The vulnerability is fixed in Firefox 3.6.12, Firefox 3.5.15, Thunderbird 3.1.6, Thunderbird 3.0.10 and SeaMonkey 2.0.10.
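To find machines still running a release older than the fixed versions listed above, a defender can compare the product token in proxy-log User-Agent strings against the fixed release on each branch. The following is an added example, not code from Mozilla or from this article; the log layout (client address followed by a quoted User-Agent) and the sample lines are constructed for illustration.

```python
import re

# Fixed release per branch, as listed in the article.
FIXED = {
    "Firefox": {(3, 6): (3, 6, 12), (3, 5): (3, 5, 15)},
    "Thunderbird": {(3, 1): (3, 1, 6), (3, 0): (3, 0, 10)},
    "SeaMonkey": {(2, 0): (2, 0, 10)},
}
# Check SeaMonkey/Thunderbird first: their User-Agent may also carry a Firefox token.
ORDER = ("SeaMonkey", "Thunderbird", "Firefox")
TOKEN_RE = re.compile(r"\b(SeaMonkey|Thunderbird|Firefox)/(\d+(?:\.\d+)*)")

def classify(user_agent):
    """Return (product, version, status), or None if no known product token is present."""
    found = {m.group(1): m.group(2) for m in TOKEN_RE.finditer(user_agent)}
    product = next((p for p in ORDER if p in found), None)
    if product is None:
        return None
    version = found[product]
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))          # "3.6" -> (3, 6, 0)
    fixed = FIXED[product].get(parts[:2])
    if fixed is None:                         # branch the article does not mention
        return (product, version, "branch-not-listed")
    return (product, version, "unpatched" if parts[:3] < fixed else "patched")

# Constructed sample log lines (documentation addresses, made-up build strings).
SAMPLE_LOG = """\
192.0.2.10 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11"
192.0.2.11 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12"
192.0.2.12 "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.14) Gecko/20101013 Firefox/3.5.14"
192.0.2.13 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.14) Gecko/20101013 SeaMonkey/2.0.9"
192.0.2.14 "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.19) Gecko/2010031422 Firefox/3.0.19"
"""

def unpatched_clients(log_text):
    """Map client address -> product/version for every client below the fixed release."""
    hits = {}
    for line in log_text.splitlines():
        client, _, rest = line.partition(" ")
        result = classify(rest)
        if result and result[2] == "unpatched":
            hits[client] = f"{result[0]}/{result[1]}"
    return hits

if __name__ == "__main__":
    for client, build in sorted(unpatched_clients(SAMPLE_LOG).items()):
        print(client, build)
```

The User-Agent header is supplied by the client, so treat the result as an inventory hint to confirm against installed software rather than as proof of patch state.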

[ SEE: Firefox zero-day under attack at Nobel Peace Prize site ]

According to malware hunters tracking the threat, Firefox users who surfed to the Nobel Peace Prize site were silently infected with Belmoo, a Windows Trojan that gives the attacker complete control of the machine.

The exploit was successful on Firefox versions 3.5 and 3.6 (Windows XP).

Once a drive-by download is successful, Norman said, the malware would then attempt to connect to two Internet addresses, both of which point to a server in Taiwan.
