Russian Security Researchers Find Critical Security Hole in Firefox 3.6
The latest and greatest version of the Firefox developed web browser is Firefox 3.6, which was released as a final, stable software application this January. Firefox 3.6 comes with more features, more speed and better security – but this is not to say there aren’t security holes that can be exploited. As security researchers from various security companies have always said, no browser is 100% safe.
Speaking of which, Russian security experts from Intevydis managed to uncover a previously unknown security hole in Firefox 3.6. They managed to exploit the security hole in the Windows version of Firefox 3.6 and remotely take control of the targeted machine. The good news is that the exploit does not affect the Mac OS and Linux versions of Firefox 3.6.
The vulnerability has been given the critical rating by Secunia, Danish company that specializes in providing software for vulnerability management and is best known for tracking the latest security threats and offering info about patches.
Intevydis has made the exploit available to its customers. In case you’re not familiar with the Russian company, it develops the commercial VulnDisco add-on for the Canvas exploit toolkit by vendor Immunity. The only details about the security hole are that it is a buffer overflow vulnerability, and it is a quite reliable. At least that is what developer Evgeny Legerov says on the Immunity forum.
The Mozilla Foundation has released updates for its older browser versions earlier this month – mainly Firefox 3.0.18 and 3.5.8. No update has been released for Firefox 3.6 since the browser was rolled out last month. We can only assume that the hole is still open, but knowing the Mozilla Foundation, they’re working on a fix as we speak.
In related news, if you are a Firefox fan you could show your love by voting in the browser 2010 About.com Reader’s Choice Awards. You should hurry up though, there are just 2 days left to vote.
UPDATE 24 February 2010: Mozilla said it is aware of the fact that Firefox 3.6 is plagued by a critical security bug. “We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted to contact the researcher who discovered the issue but have not received a response,” said Mozilla's Lucas Adamski.
Tags: Mozilla, Firefox, Firefox 3.6, Security, Intevydis
Speaking of which, Russian security experts from Intevydis managed to uncover a previously unknown security hole in Firefox 3.6. They managed to exploit the security hole in the Windows version of Firefox 3.6 and remotely take control of the targeted machine. The good news is that the exploit does not affect the Mac OS and Linux versions of Firefox 3.6.
Advertising
The vulnerability has been given the critical rating by Secunia, Danish company that specializes in providing software for vulnerability management and is best known for tracking the latest security threats and offering info about patches.
Intevydis has made the exploit available to its customers. In case you’re not familiar with the Russian company, it develops the commercial VulnDisco add-on for the Canvas exploit toolkit by vendor Immunity. The only details about the security hole are that it is a buffer overflow vulnerability, and it is a quite reliable. At least that is what developer Evgeny Legerov says on the Immunity forum.
The Mozilla Foundation has released updates for its older browser versions earlier this month – mainly Firefox 3.0.18 and 3.5.8. No update has been released for Firefox 3.6 since the browser was rolled out last month. We can only assume that the hole is still open, but knowing the Mozilla Foundation, they’re working on a fix as we speak.
In related news, if you are a Firefox fan you could show your love by voting in the browser 2010 About.com Reader’s Choice Awards. You should hurry up though, there are just 2 days left to vote.
UPDATE 24 February 2010: Mozilla said it is aware of the fact that Firefox 3.6 is plagued by a critical security bug. “We cannot confirm the report as we have received no details regarding the reported vulnerability, such as a proof-of-concept or steps to reproduce. We’ve attempted to contact the researcher who discovered the issue but have not received a response,” said Mozilla's Lucas Adamski.
Tags: Mozilla, Firefox, Firefox 3.6, Security, Intevydis
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 23 Apr 2012
Even though the Mozilla Foundation has not officially released the final version of Firefox 12 to the masses, Firefox v. 12.0 final is already out there and available for download
By George Norman on 02 Feb 2012
Version 10.0 of the very popular Firefox web browser has been released to the web. This new version comes with a
By George Norman on 27 Jan 2012
We all start the year with resolutions, such as “this year I’m going to more carefully watch what I eat”, or “this year I will try to be less stressed”. Most times we discard these resolutions just as easily as 
By George Norman on 21 Dec 2011
Nonprofit organization Mozilla has updated its popular Firefox web browser to version 9.0. If you’re on Firefox and you did not receive an automated update prompt, you can manually trigger one from the Advertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Russian Security Researchers Find Critical Security Hole in Firefox 3.6
HTML Linking Code
HTML Linking Code