Attack code for Firefox zero-day goes wild, says researcher

Story: 10 things you should know about Linux securityTotal Replies: 8
Author Content
henke54

Feb 19, 2010
3:27 PM EDT
Quoting:A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla's Firefox browser. ................................... f Legerov's claim pans out, it would be one of the few times in recent memory that a zero-day vulnerability for Firefox has circulated in the wild. While the exploit is currently available only to those who pay a hefty licensing fee, wider circulation can't be far behind. This story will be updated as more is learned.
http://www.theregister.co.uk/2010/02/18/firefox_zero_day_rep...
tuxchick

Feb 19, 2010
3:37 PM EDT
Doesn't seem to affect non-Windows platforms.

Paying a fee to get the exploit is an interesting, that hardly seems 'in the wild'. More like "for sale."
chalbersma

Feb 19, 2010
4:53 PM EDT
@tuxchick Can you confim that?
jdixon

Feb 19, 2010
5:29 PM EDT
> Can you confim that?

From the Register's article:

"We've played a lot with it in our labs - it was very reliable," Legerov wrote in an email to The Reg. "Works against the default install of Firefox 3.6. We've tested it on XP and Vista."

Which doesn't mean the bug isn't present in the Linux version, merely that the exploit probably doesn't work.
Bob_Robertson

Feb 19, 2010
5:32 PM EDT
> Which doesn't mean the bug isn't present in the Linux version, merely that the exploit probably doesn't work.

Yep, the exploit has to get traction on the platform, even if it can get through the application.

That's one thing that has always kind of bugged me about Java scripting.
tuxchick

Feb 19, 2010
6:15 PM EDT
Yes, what jdixon said.

im in ur browser stealin ur cookies....
Scott_Ruecker

Feb 19, 2010
6:29 PM EDT
Oh noes! My cookies!

Mine mine mine cookies all mine mine mine...

Oops, Did I Curium again?

;-)
tuxchick

Feb 19, 2010
11:53 PM EDT
You did, Scott, all over your shoes.
Scott_Ruecker

Feb 20, 2010
1:02 PM EDT
Oh darns..and here I thought I kept my mouth closed..I tried I tried..LOL!!

Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]

Becoming a member of LXer is easy and free. Join Us!