Mozilla Patches Critical 0-Day Flaw Inside Firefox Within 48-HoursAs per fresh reports from ComputerWorld published on October 27, 2010, within not even 48-hours from knowing about critical vulnerability inside the Firefox Web-browser, Mozilla released a patch on an emergency basis on October 27, 2010 that fixed the problem. Reportedly, attackers exploited the security flaw via a drive-by download assault that was unleashed from the Nobel Peace Prize online site that Norman a Norwegian anti-virus firm revealed on October 26, 2010. Norman reported that when people accessed the Nobel Peace Prize site they were diverted onto an attack server located in Taiwan which delivered an exploit containing JavaScript. This exploit, when effectively used installed a Trojan virus on affected Windows computers. Reveal specialists that the flaw occurred because of a fault, which was not specified, and it was capable of being abused for running arbitrary code provided users viewed a maliciously-created website. Significantly, Secunia the vulnerability research firm rated this flaw namely CVE-2010-3765 as "extremely critical." Meanwhile according to Mozilla, the flaw impacts solely Firefox's versions 3.6 and 3.5 as well as may potentially impact users of Thunderbird who download websites inside the RSS Reader. Writing on the Mozilla Security Blog, security program manager Brandon Sterne for the company reported that the built-in anti-malware system of Firefox currently blocked the attack site. Softpedia published this on October 27, 2010. Sterne further wrote that the exploit might continue to remain on other Internet sites prior to disclosing that Firefox creators were developing a security update. However, until a patch became ready and available, Mozilla advised that people turn off JavaScript within their browser alternatively use the NoScript add-on. To turn off JavaScript, they needed to click Tools > Options > Content and mark cross on the "Enable JavaScript" option. Meanwhile, by patching Firefox flaws with the speed Mozilla hitherto adopted, the company has something to pride for. However, Avira and other security firms have expressed astonishment because the malware is unreliable. They seemingly can't perceive the reason for the attacker to particularly abandon a precious 0-day flaw that existed within such weakly-developed program since cyber-criminals normally exploited 0-day flaws for lucrative malicious software. Related article: Mozilla Rules Out Bug in Its Firefox ยป SPAMfighter News - 11/9/2010 |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!