In addition to the "pwn2own" vulnerability used at CanSecWest last week to compromise a system running the Firefox web browser, a new vulnerability involving XSL Transforms has been published. It affects both the latest Firefox 3.0.7 and SeaMonkey 1.1.15 browsers. A proof-of-concept exploit for the XSL Transform vulnerability has been released. If the attack succeeds, arbitrary code can be run in the context of the browser. If the attack fails, a DoS condition is likely for the browser.
Mozilla is working on updates for both packages and expects the updated versions to be released by April 1 (and no, this is not an early April Fools' joke).

Original Source :
http://isc.sans.org/diary.html?storyid=6079

More reading :
http://www.securityfocus.com/bid/34235/
http://secunia.com/advisories/34471/
http://www.vupen.com/english/advisories/2009/0853
https://bugzilla.mozilla.org/show_bug.cgi?id=485217
http://blog.mozilla.com/security/200...vulnerability/



It is ironic that people consider Firefox a "secure" browser.. sigh..