Wednesday, July 15, 2009

tag- you're it Firefox...

Microsoft patched its latest browser vulnerabilities yesterday, and now there is a zero-day exploit for Firefox 3.5! The proof-of-concept code executes the calculator on the compromised machine.

There is a vulnerability in the way Firefox processes JavaScript code that allows an attacker to execute arbitrary code. When the attack doesn't work, the browser crashes, or the script causes FF to give errors.

The proof of concept is here: http://www.milw0rm.com/exploits/9137

When I tried the PoC, I got a message saying the script was unresponsive ("A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete."). At that point you can either continue or stop the script.


Using the NoScript add-on mitigates the threat (unless you choose to allow scripts on the page with the attack!).

No response from FF yet about a patch.
