/>
X
Business

Mozilla Firefox first to patch Pwn2Own vulnerability

The Firefox 3.6.3 update is rated critical. It fixes a flaw that was exploited at this year's CanSecWest Pwn2Own hacker challenge.
ryan-naraine.jpg
Written by Ryan Naraine on

Mozilla is the first browser vendor to fix a vulnerability exploited at this year's CanSecWest Pwn2Own contest.

Just one week after a U.K.-based hacker known as "Nils" broke into a 64-bit Windows 7 machine with a Firefox vulnerability, the open-source group shipped Firefox 3.6.3 to plug the security hole.

[ SEE: Pwn2Own hack topples Firefox on Windows ]

From Mozilla's advisory:

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.
Mozilla said the exploit used by Nils only affects Firefox 3.6 and not earlier versions.

However, the group said it will issue a patch for Firefox 3.5 in an upcoming release "just in case there is an alternate way of triggering the bug."

The Firefox 3.6.3 update is rated critical.  It will be shipped via the browser's automatic update mechanism.

At the Pwn2Own hacker challenge, Nils used several tricks to bypass Address Space Layout Randomization (ALSR) and Data Execution Prevention (DEP) to get his drive-by download to load an executable on the target machine.

Afterwards, he told journalists that Mozilla does not properly implement ASLR on the Windows platform, making it easy to bypass during exploitation.

Editorial standards

Related

How to use your phone to diagnose your car's 'check engine' light
BlueDriver Bluetooth dongle

How to use your phone to diagnose your car's 'check engine' light

How to access your iPhone's camera faster with this hidden feature
iphone-13-pro-max-cameras.jpg

How to access your iPhone's camera faster with this hidden feature

Google Play malware: If you've downloaded these malicious apps, delete them immediately
a-man-sitting-in-his-living-room-looking-at-his-smartphone-with-concern

Google Play malware: If you've downloaded these malicious apps, delete them immediately