Russian Security Researchers Find Critical Security Hole in Firefox 3.6
Article by George Norman
On 23 Feb 2010
The latest and greatest version of the Firefox developed web browser is Firefox 3.6, which was released as a final, stable software application this January. Firefox 3.6 comes with more features, more speed and better security – but this is not to say there aren’t security holes that can be exploited. As security researchers from various security companies have always said, no browser is 100% safe.

Speaking of which, Russian security experts from Intevydis managed to uncover a previously unknown security hole in Firefox 3.6. They managed to exploit the security hole in the Windows version of Firefox 3.6 and remotely take control of the targeted machine. The good news is that the exploit does not affect the Mac OS and Linux versions of Firefox 3.6.

Advertising

The vulnerability has been given the critical rating by Secunia, Danish company that specializes in providing software for vulnerability management and is best known for tracking the latest security threats and offering info about patches.

Intevydis has made the exploit available to its customers. In case you’re not familiar with the Russian company, it develops the commercial VulnDisco add-on for the Canvas exploit toolkit by vendor Immunity. The only details about the security hole are that it is a buffer overflow vulnerability, and it is a quite reliable. At least that is what developer Evgeny Legerov says on the Immunity forum.

The Mozilla Foundation has released updates for its older browser versions earlier this month – mainly Firefox 3.0.18 and 3.5.8. No update has been released for Firefox 3.6 since the browser was rolled out last month. We can only assume that the hole is still open, but knowing the Mozilla Foundation, they’re working on a fix as we speak.

In related news, if you are a Firefox fan you could show your love by voting in the browser 2010 About.com Reader’s Choice Awards. You should hurry up though, there are just 2 days left to vote.

UPDATE 24 February 2010: Mozilla said it is aware of the fact that Firefox 3.6 is plagued by a critical security bug. “We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted to contact the researcher who discovered the issue but have not received a response,” said Mozilla's Lucas Adamski.




Tags: Mozilla, Firefox, Firefox 3.6, Security, Intevydis
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Russian Security Researchers Find Critical Security Hole in Firefox 3.6
HTML Linking Code