WatchGuard Wire
Improve Your Security IQ
The latest Firefox (3.6) already suffers from a mysterious zero day vulnerability
25 February 2010 -- According to Russian researchers at Intevydis, Firefox 3.6
suffers from a mysterious new zero day vulnerability that could allow
remote attackers to gain control of your computer. Unfortunately, they
aren't sharing any details with the public yet.
Many security research firms like Intevydis, Immunity, and Core Security sell exploit
framework products (similar to Metasploit),
which allow companies to test new security exploits against their
systems. Many of these companies also sell exploit pack services that
deliver new zero day exploits that have not been released publicly. To
know about and test these zero day exploits, you need to
purchase these zero day exploit services. Intevydis specifically sells
an exploit pack called VulnDisco, which works with Immunity's CANVAS
exploit toolkit. According to this
article, Intevydis just released a new zero day Firefox 3.6
vulnerability for their VulnDisco exploit pack.
Since this exploit is not public, little is known about it outside
Intevydis (and likely Mozilla). The Intevydis researchers only say that
it is a buffer overflow vulnerability. They also have only released a Windows
exploit, so this flaw may only affect Firefox on Windows machines. If
this is like any other browser buffer overflow, I would assume that if
an attacker can entice you to a malicious website, he can exploit this
flaw to execute code on your computer, with your privileges. If you
have local administrator privileges, the attacker gains complete
control of your machine.
Since this is a privately managed exploit, it may not have made it into
the wild yet. However, there is no guarantee that it hasn't.
Furthermore, now that bad guys know about it, they'll surely try to
find it themselves. When Mozilla releases a Firefox update to fix this,
we'll let LiveSecurity customers know about it. Until then, I recommend
you use the Firefox NoScript extension, as it prevents the JavaScript
these types of browser flaws often need to work.
-- Corey Nachreiner, CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.