Security Researcher Posts Exploit for Firefox Vulnerability

Guido Landi, an independent security researcher from Italy, posted a harmful code on March 25, 2009 on many security websites. This malicious code exploits a loophole affecting Firefox 3.0.x after discovering the vulnerability that allows a hacker to plant illegal malware on an end-user's computer, as reported by TGDAILY on March 26, 2009.

The researcher further states that the flaw impacts Firefox running on Mac, Windows and Linux computers. However, for the exploit to be successful, it is necessary to get the victim to interact with a malevolent 'Extensible Markup Language' (XML) file.

Furthermore, the security flaw posted the proof-of-concept on security sites with malicious code that results in the execution of malware provided a user of Firefox is enticed to visit an exploit-rigged website. The security flaw influences all editions of the browser, the researcher disclosed.

However, when Landi released the exploit, Mozilla was fast to react, promising that it would release Firefox 3.0.8 by late March 2009. Additionally, the company notes that the release of Firefox 3.0.8 would be of high priority because of Landi's publication of the exploit code.

Meanwhile, the security response specialists at Mozilla are continuously pushing to get a fix ready for the apparently serious vulnerability influencing its flagship product Firefox. Although the organization has prepared the security update, it is waiting for a test of quality assurance to be completed prior to issuing it.

Commenting on the point, the specialists stated that the creators of browsers are extremely relaxed in patching critical flaws within their products despite receiving notification of the vulnerabilities. Thus, even with the timely knowledge of the well-documented security flaws, browser providers have a tendency to release a patch in scheduled update no matter how urgent the patch might be.

Meanwhile, it is worth noting that browser safety has recently drawn much attention since the CanSecWest security conference between March 16 and 20, 2009 at Vancouver, Canada. Security firm Secunia reports that there were 115 security flaws found in Firefox during 2008 - almost double that of IE and Safari combined. But Mozilla reacted much faster compared to Microsoft when the vulnerabilities were publicly revealed.

Related article: Securities Push Up A Must For Web Companies

» SPAMfighter News - 4/2/2009