Mozilla Foundation issued an update to its Firefox browser over the weekend, blocking proof-of-concept code released...
last week that exploited an unresolved critical bug.
Firefox 3.0.8, released Saturday, plugs a hole exploited by a researcher at the CanSecWest 2009 Pwn2Own contest. It also blocks a XML tag remote memory corruption vulnerability. Mozilla said both vulnerabilities could be exploited by tricking a user to visit a Web page containing malicious code.
A bug in Firefox's garbage collection routine allows an attacker to exploit a process to access previously destroyed objects. The technique was used by a security researcher during the Pwn2Own contest, sponsored by TippingPoint's Zero Day Initiative. It causes the browser to crash and allows an attacker to run arbitrary code on a victim's computer, Mozilla said.
At the contest, The German security researcher exploited vulnerabilities in Firefox, Apple's Safari browser and Microsoft Internet Explorer 8. He was awarded $15,000 from the Zero Day Initiative.
A second flaw in the way the browserprocesses Extensible Stylesheet Language (XSL) could also crash the browser and allow an attacker to run arbitrary code. Mozilla said it expedited the update to block proof-of-concept exploit code that appeared on the Milw0rm.com website.