Mozilla Plugs Firefox Pwn2Own Security Hole

Mozilla is the first browser vendor to fix a vulnerability exploited at this year’s CanSecWest Pwn2Own contest. Just one week after a U.K.-based hacker known as “Nils” broke into a 64-bit Windows 7 machine with a Firefox vulnerability, the open-source group shipped Firefox 3.6.3 to plug the security hole.

From Mozilla’s advisory:

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

Mozilla said the exploit used by Nils only affects Firefox 3.6 and not earlier versions.

However, the group said it will issue a patch for Firefox 3.5 in an upcoming release “just in case there is an alternate way of triggering the bug.”

The Firefox 3.6.3 update is rated critical. It will be shipped via the browser’s automatic update mechanism.

Discussion

  • vihor72 on

    Send more information, for the sake of improving your program, which is approaching perfection.

    Respectfully, вихор-72

  • Ankica Davidov on

    How do we protect our computer from attacks from all the sites where we are registered? And should we use the same e-mail, nickname and password everywhere, or should they be different for each site?

      Thank you in advance, Ankica Davidov.

  • vihor72 on

    That's right, Ankica, it seems everything has become risky, even when you talk on a mobile phone.
