Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Mozilla Patches Critical 0-Day Flaw Inside Firefox Within 48-Hours

As per fresh reports from ComputerWorld published on October 27, 2010, within not even 48-hours from knowing about critical vulnerability inside the Firefox Web-browser, Mozilla released a patch on an emergency basis on October 27, 2010 that fixed the problem.

Reportedly, attackers exploited the security flaw via a drive-by download assault that was unleashed from the Nobel Peace Prize online site that Norman a Norwegian anti-virus firm revealed on October 26, 2010. Norman reported that when people accessed the Nobel Peace Prize site they were diverted onto an attack server located in Taiwan which delivered an exploit containing JavaScript. This exploit, when effectively used installed a Trojan virus on affected Windows computers.

Reveal specialists that the flaw occurred because of a fault, which was not specified, and it was capable of being abused for running arbitrary code provided users viewed a maliciously-created website.

Significantly, Secunia the vulnerability research firm rated this flaw namely CVE-2010-3765 as "extremely critical."

Meanwhile according to Mozilla, the flaw impacts solely Firefox's versions 3.6 and 3.5 as well as may potentially impact users of Thunderbird who download websites inside the RSS Reader.

Writing on the Mozilla Security Blog, security program manager Brandon Sterne for the company reported that the built-in anti-malware system of Firefox currently blocked the attack site. Softpedia published this on October 27, 2010.

Sterne further wrote that the exploit might continue to remain on other Internet sites prior to disclosing that Firefox creators were developing a security update.

However, until a patch became ready and available, Mozilla advised that people turn off JavaScript within their browser alternatively use the NoScript add-on. To turn off JavaScript, they needed to click Tools > Options > Content and mark cross on the "Enable JavaScript" option.

Meanwhile, by patching Firefox flaws with the speed Mozilla hitherto adopted, the company has something to pride for. However, Avira and other security firms have expressed astonishment because the malware is unreliable. They seemingly can't perceive the reason for the attacker to particularly abandon a precious 0-day flaw that existed within such weakly-developed program since cyber-criminals normally exploited 0-day flaws for lucrative malicious software.

Related article: Mozilla Rules Out Bug in Its Firefox

ยป SPAMfighter News - 09-11-2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next