Russian Security Researchers Find Critical Security Hole in Firefox 3.6
Article by George Norman
On 23 Feb 2010
The latest and greatest version of the Firefox developed web browser is Firefox 3.6, which was released as a final, stable software application this January. Firefox 3.6 comes with more features, more speed and better security – but this is not to say there aren’t security holes that can be exploited. As security researchers from various security companies have always said, no browser is 100% safe.

Speaking of which, Russian security experts from Intevydis managed to uncover a previously unknown security hole in Firefox 3.6. They managed to exploit the security hole in the Windows version of Firefox 3.6 and remotely take control of the targeted machine. The good news is that the exploit does not affect the Mac OS and Linux versions of Firefox 3.6.

Advertising

The vulnerability has been given the critical rating by Secunia, Danish company that specializes in providing software for vulnerability management and is best known for tracking the latest security threats and offering info about patches.

Intevydis has made the exploit available to its customers. In case you’re not familiar with the Russian company, it develops the commercial VulnDisco add-on for the Canvas exploit toolkit by vendor Immunity. The only details about the security hole are that it is a buffer overflow vulnerability, and it is a quite reliable. At least that is what developer Evgeny Legerov says on the Immunity forum.

The Mozilla Foundation has released updates for its older browser versions earlier this month – mainly Firefox 3.0.18 and 3.5.8. No update has been released for Firefox 3.6 since the browser was rolled out last month. We can only assume that the hole is still open, but knowing the Mozilla Foundation, they’re working on a fix as we speak.

In related news, if you are a Firefox fan you could show your love by voting in the browser 2010 About.com Reader’s Choice Awards. You should hurry up though, there are just 2 days left to vote.

UPDATE 24 February 2010: Mozilla said it is aware of the fact that Firefox 3.6 is plagued by a critical security bug. “We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted to contact the researcher who discovered the issue but have not received a response,” said Mozilla's Lucas Adamski.




Tags: Mozilla, Firefox, Firefox 3.6, Security, Intevydis
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 24 Jul 2017
As someone who has been using Firefox day-to-day for a very – VERY – long time, I’ve grown to know a lot about Mozilla’s web browser. As such, I thought it a good idea to share part of my knowledge with you and highlight 10 tips & tricks that I’m sure you’ll find very useful.
By George Norman on 14 Aug 2017
Firefox Send works with any modern web browser (not just Mozilla’s own), it lets you safely send files up to 1GB in size, and using it is a fairly simple process, as you can see in this how-to guide.
By George Norman on 02 Aug 2017
Voice Fill uses spoken language to enter queries into search engines. Notes is a built-in notepad that you can use to jot down ideas. And Send lets you send encrypted, self-destructing files over the internet.
By George Norman on 21 Jun 2017
Last fall, Mozilla released Firefox Focus, a fast mobile browser that blocks ads and trackers. Previously only available for iOS, this privacy-oriented browser is now available for Android too.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Russian Security Researchers Find Critical Security Hole in Firefox 3.6
HTML Linking Code