United States
Live worldwide spam monitor detects outbreaks as they occur. See what's swarming.
WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc.
ProductsPartnersSupportAbout UsHow to BuySearchProfile
 
Products  

Security Articles

Video Tutorials

WatchGuard Feeds

WatchGuard Wire

Radio Free Security

White Papers

Case Studies

Network Security Glossary

WatchGuard Wire
Improve Your Security IQ

Zero day Firefox memory corruption exploit found in the wild

26 March 09 -- A Proof-of-Concept (PoC) Firefox exploit that leverages a previously unknown memory corruption vulnerability in the popular browser has turned up on a well-known exploit archive site.

According to a vulnerability post on SecurityFocus, the zero day memory corruption flaw -- which was discovered by a security researcher named Guido Landi -- involves Firefox's inability to properly parse a particular Extensible Stylesheet Language (XSL) element. By enticing you to a malicious web site containing a specially crafted XSL element, a remote attacker could exploit this flaw to either crash Firefox, or potentially execute code on your computer with your privileges. If you have local administrative, or root privileges, the attacker could leverage this flaw to gain complete control of your machine. The flaw seems to affect the latest version of Firefox running on both Windows and Linux platforms. It likely affects the Mac version of Firefox as well.

Mozilla, the creators of Firefox, have responded very quickly to this zero day PoC exploit. They have already created a bug for it, which they have fixed internally. They plan to publicly release this fix with their next Firefox release (3.0.8), which is due sometime next week.

Luckily, Landi's PoC exploit currently only crashes Firefox. That said, a skilled attacker could modify his exploit to execute code on your machine. You should consider this a very high risk flaw. Unfortunately, I'm currently unaware of any way to mitigate this vulnerability other than being careful where you browse, or to use a different browser. While disabling Javascript can often help protect you against many browser vulnerabilities, this one does not rely on Javascript. So NoScript won't help. If you use Firefox, make sure to download and install next week's update as quickly as you can.

LiveSecurity and LiveSecurity Informer subscribers will receive more detailed information about this flaw and its fix in an alert we'll post when Mozilla releases their Firefox update. -- Corey Nachreiner, CISSP

Slashdot Digg! Save this page to del.icio.us Stumble It! Add to Technorati Favorites Submit to Reddit

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.