/>
X
Business

Attack code posted for unpatched Firefox 3.5 flaw

Mozilla's security response team is scrambling to respond to the release of exploit code for a gaping hole in the latest version of its flagship Firefox browser.The flaw, rated "highly critical by Secunia, puts millions of Firefox users at risk of remote code execution attacks.
Written by Ryan Naraine, Contributor

Mozilla's security response team is scrambling to respond to the release of exploit code for a gaping hole in the latest version of its flagship Firefox browser.

The flaw, rated "highly critical by Secunia, puts millions of Firefox users at risk of remote code execution attacks.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Exploit code has been published at Milw0rm.

In the absence of a fix, Firefox users and administrators should immediately disable JavaScript.   The US-CERT has a valuable document (Securing Your Web Browser) with instructions to  help mitigate the risks associated with browser vulnerabilities.

Editorial standards