X
Business
Home Business Enterprise Software

Attack code posted for unpatched Firefox 3.5 flaw

Mozilla's security response team is scrambling to respond to the release of exploit code for a gaping hole in the latest version of its flagship Firefox browser.The flaw, rated "highly critical by Secunia, puts millions of Firefox users at risk of remote code execution attacks.
Written by Ryan Naraine, Contributor

firefox3logo.png
Mozilla's security response team is scrambling to respond to the release of exploit code for a gaping hole in the latest version of its flagship Firefox browser.

The flaw, rated "highly critical by Secunia, puts millions of Firefox users at risk of remote code execution attacks.

The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.5. Other versions may also be affected.

Exploit code has been published at Milw0rm.

In the absence of a fix, Firefox users and administrators should immediately disable JavaScript.   The US-CERT has a valuable document (Securing Your Web Browser) with instructions to  help mitigate the risks associated with browser vulnerabilities.

Editorial standards
Show Comments

Related

logi-ai-prompt-builder-mx-setup

Logitech mouse and keyboard users are getting a free AI upgrade

Installing Deepin desktop on Ubuntu.

Don't like your Linux desktop? Here's how to install an alternative

GOTRAX 4 electric scooter

The most charming projector I've tested has now replaced my TV for movie nights