Firefox 3.5 at risk from 0-Day JavaScript and DNS flaws?

sr-firefox3.jpg
From the ‘shiny, new and broken‘ files:

US-CERT is warning today about a new un-patched 0-day Firefox 3.5 vulnerability. According to US-CERT, the vulnerability is due to an
error in the way JavaScript code is processed.

There is proof of concept code for the exploit publicly available now and as such in my opinion this represents an immediate threat to Firefox 3.5 users. To the best of my knowledge this is the first ‘critical’ flaw publicly reported for the Firefox 3.5 release which came out two ago.

The code that I saw was written by security researcher Simon Berry-Byrne and is officially titled, “Firefox 3.5 Heap Spray Vulnerability. Berry-Byrne in his proof of concept code thanks security research H D Moore, “...for the insight and Metasploit for the payload.”  Metasploit is an open source security testing framework which can enable an attack to become ‘weaponized’ for testing and research purposes.

There is a second potential vulnerability that is making the rounds in the security research community involving a DNS leakage in Firefox 3.5.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web