Mozilla Warns of New 0-Day Vulnerability for Firefox Browser

By on Oct 27, 2010 in Software, Technology Comments

Mozilla warns of a new critical vulnerability affecting the popular Firefox web browser. In the Mozilla Security Blog, they confirmed that an exploit code leveraging this vulnerability has been detected in the wild.

The exploit code was reportedly seen in Nobel Peace Prize site and it affects the Firefox versions 3.5 and 3.6. Although the Nobel Peace Prize site have been addressed by Firefox built-in malware protection, Mozilla warns that other similar codes may be present in other websites hence they will release a fix for Firefox as soon as they have done enough quality assurance for the fix.
Security Researchers from Trend Micro confirms that a related JavaScript malware that use the mentioned Firefox vulnerability was found in the wild and validated that Trend Micro detects it as JS_NINDYA.A. In their Trend Micro Malware Blog the researchers mentioned that this malware uses “drive-by download” technique, wherein a malicious file is downloaded by just visiting a website and is executed without any user intervention.
Mozilla recommends that users disable the JavaScript feature in Firefox or try out the NoScript Firefox Add-on as an added protection while waiting for the official fix.

Update:

Mozilla Firefox versionĀ 3.6.12 fixes this issue and is available now via the Mozilla Firefox Update.



Spread The News!



Tags: , , , ,

Advertisement

Related News



What's On Your Mind?




Pinterest
Email