March 27th, 2009, 08:41 PM
Firefox and Seamonkey Vulnerabilities
In addition to the "pwn2own" vulnerability used at CanSecWest last week in order to compromise a system with the Firefox web browser, a new vunerability has been published which involves XSL Transforms. This vulnerability impacts both the latest Firefox 3.0.7 and Seamonkey 1.1.15 browsers. A proof-of-concept exploit for the XSL Transform vulnerability has been released. If the attack succeeds, arbitrary code can be run in the context of the browser. If the attack fails, a DoS condition is likely for the browser.
Mozilla is working on updates for both packages and they expect the updated versions to be released by April 1 (and no, this is not an early April Fools joke).
Original Source :
More reading :
It is ironic that people consider firefox a "secure" browser.. sigh..
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
By Galiath in forum Web Security
Last Post: April 21st, 2006, 03:57 AM