Wednesday, May 11, 2005

Zero-Day Firefox Exploit Sends Mozilla Scrambling

“For the fourth time in three months, major security flaws in the upstart Firefox Web browser have pushed volunteers at the Mozilla Foundation into damage-control mode.”

The open-source group late Sunday rushed out a partial fix for a pair of "extremely critical" Firefox vulnerabilities after zero-day exploit code leaked onto the Internet and promised a comprehensive patch would be available soon.”

Mozilla Foundation Security Advisory 2005-42

“Two vulnerabilities were found in Mozilla Firefox that combined allow an attacker to run arbitrary code. The Mozilla Suite is only partially vulnerable.”

“The Mozilla Foundation has made changes to our update servers that will protect users from this arbitrary code execution exploit. Users who have added other extension or theme sites to the software installation whitelist should remove them until a fixed version of Firefox is available.”