
SANS ISC InfoSec Handlers Diary Blog



Firefox 3.5 new exploit - confirmed

Published: 2009-07-14
Last Updated: 2009-07-16 17:54:23 UTC
by Swa Frantzen (Version: 4)

Updated story, thanks to for helping figure it out!

The Mozilla security blog confirms that an exploit against an unpatched vulnerability in Firefox 3.5 exists and has been made public.

Do note that Heise tried to confirm the vulnerability and only managed a crash on Vista, and can't seem to make it work on Windows 7 RC1:
http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761

The Mozilla blog above gives a workaround: temporarily disabling the javascript.options.jit.content setting in about:config.

Alternatively, one could install and use NoScript to disable all JavaScript by default.

--
Swa Frantzen -- Section 66
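
An added example, not part of the original diary or of Mozilla's advisory: a Python check that reports which Firefox profiles have the javascript.options.jit.content workaround applied. It assumes preferences are stored as user_pref(...) lines in prefs.js and user.js, that user.js takes precedence, and that an unset preference means the Firefox 3.5 default (JIT enabled); the profile names and sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

PREF = "javascript.options.jit.content"
# Matches lines such as: user_pref("javascript.options.jit.content", false);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"%s"\s*,\s*(true|false)\s*\)\s*;' % re.escape(PREF), re.M)

def read_pref(path):
    """Return True/False for the last assignment in the file, None if absent."""
    path = Path(path)
    if not path.is_file():
        return None
    values = PREF_RE.findall(path.read_text(encoding="utf-8", errors="replace"))
    return (values[-1] == "true") if values else None

def jit_content_enabled(profile_dir):
    """user.js wins over prefs.js; unset is assumed to mean the 3.5 default (on)."""
    for name in ("user.js", "prefs.js"):
        value = read_pref(Path(profile_dir) / name)
        if value is not None:
            return value
    return True

def audit(profiles_root):
    """Map each profile directory name to its workaround status."""
    return {
        p.name: "JIT enabled" if jit_content_enabled(p) else "workaround applied"
        for p in sorted(Path(profiles_root).iterdir()) if p.is_dir()
    }

def build_sample_profiles(root):
    """Write constructed sample profiles (not real data) under root."""
    samples = {
        "a1.default": {"prefs.js": 'user_pref("browser.startup.page", 1);\n'},
        "b2.patched": {"prefs.js": 'user_pref("%s", false);\n' % PREF},
        "c3.override": {"prefs.js": 'user_pref("%s", false);\n' % PREF,
                        "user.js": 'user_pref("%s", true);\n' % PREF},
    }
    for profile, files in samples.items():
        (Path(root) / profile).mkdir(parents=True)
        for name, body in files.items():
            (Path(root) / profile / name).write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_profiles(root)
        print(audit(root))
```

The third sample profile shows the case worth checking for: a user.js that re-enables the setting undoes a workaround applied through about:config.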

UPDATE

Dean wrote in to say that this exploit has been spotted in the wild. The attacker just used Metasploit to create it and put a PoisonIvy client in as the payload. Unfortunately, the payload has been packed with a packer that prevented some AV vendors from detecting it, so the detection isn't all that great.

The good news is that NoScript will protect you against it, and also that the exploit takes some time to execute (in a lot of cases Firefox prompts the user that a script on the page is running too long); it also does not appear to be 100% reliable.

--
Bojan
 

Keywords: Firefox