Firefox update blocks proof-of-concept code

• SearchSecurity.com Staff
• Published: 30 Mar 2009

Mozilla Foundation issued an update to its Firefox browser over the weekend, blocking proof-of-concept code released last week that exploited an unresolved critical bug.

Firefox 3.0.8, released Saturday, plugs a hole exploited by a researcher at the CanSecWest 2009 Pwn2Own contest. It also blocks a XML tag remote memory corruption vulnerability. Mozilla said both vulnerabilities could be exploited by tricking a user to visit a Web page containing malicious code.

Mozilla updates: Firefox 3.0.7 - Mozilla repairs URL spoofing, memory corruption flaws in Firefox: Vulnerabilities causing browser instability and memory corruption errors could be exploited by attackers to access sensitive information. Firefox 3.0.6 - Firefox version 3.0.6 update fixes dangerous flaws: Version 3.0.6 fixes several memory corruption errors and cross-site scripting flaws that could be exploited by an attacker to gain access to critical files. Firefox 3.0.5 - Mozilla fixes cross-site-scripting flaws: The latest update also phases out support of Firefox 2.

A bug in Firefox's garbage collection routine allows an attacker to exploit a process to access previously destroyed objects. The technique was used by a security researcher during the Pwn2Own contest, sponsored by TippingPoint's Zero Day Initiative. It causes the browser to crash and allows an attacker to run arbitrary code on a victim's computer, Mozilla said.

At the contest, The German security researcher exploited vulnerabilities in Firefox, Apple's Safari browser and Microsoft Internet Explorer 8. He was awarded $15,000 from the Zero Day Initiative.

A second flaw in the way the browserprocesses Extensible Stylesheet Language (XSL) could also crash the browser and allow an attacker to run arbitrary code. Mozilla said it expedited the update to block proof-of-concept exploit code that appeared on the Milw0rm.com website.