Mozilla has made a change in Firefox that will block all of the older versions of Java that contain a critical vulnerability that’s being actively exploited. The decision to add these vulnerable versions of Java to the browser’s blocklist is designed to protect users who may not be aware of the flaw and attacks.
Google has fixed nine new vulnerabilities in its Chrome browser, including six high-risk flaws. The most serious of the bugs include three separate use-after-free vulnerabilities in various parts of the browser.
As the inquiry into who leaked the proof-of-concept exploit code for the MS12-020 RDP flaw continues, organizations that have not patched their machines yet have a new motivation to do so: A Metasploit module for the vulnerability is now available.
With exploit code for the MS12-020 RDP vulnerability available in various places, the question now becomes, if a worm or large-scale attack appears, how big is the target base? As it turns out, it’s pretty big. As in, five million machines big.
Mozilla announced this week that it plans to integrate a silent updater in the next build of its flagship browser, Firefox, allowing future patches for Firefox 12 to be downloaded and installed in the background while the browser is running, according to a blog post published Wednesday on hacks.mozilla.org by Robert Nyman, Mozilla’s Technical Evangelist.
There is a confirmed legitimate working exploit for the MS12-020 RDP vulnerability in Windows circulating already and researchers say it is capable of either crashing or causing a denial-of-service condition on vulnerable machines. Microsoft has warned customers about the possibility of the exploit surfacing quickly and advised them to patch the flaw immediately. The researcher who discovered the vulnerability said that the packet he included in his original advisory was found in the exploit, raising the specter of a data leak somewhere in the pipeline.
Microsoft said that it has not seen any evidence that hackers have figured out a way to take advantage of a critical vulnerability in the Windows Remote Desktop Protocol (RDP) that the company disclosed and patched on Tuesday. The statement comes in the wake of unconfirmed reports of working exploits for the RDP hole circulating online on Thursday.
Mozilla has released Firefox 11 and acknowledged that the security vulnerability that a pair of researchers used in the Pwn2Own contest last week was one that the company already was aware of and working on repairing.
VANCOUVER–If there’s one thing that emerged from all of the craziness that was CanSecWest, Pwn2Own and Pwnium, it’s that life is becoming more difficult for researchers and attackers looking to exploit modern browsers. It’s not impossible, of course, but it’s certainly not the warm-up exercise that it was four or five years ago.
Google has pushed out a patch for the second full sandbox escape exploit used in the Pwnium contest at CanSecWest. The Chrome vulnerabilities that the exploit targeted were discovered by an anonymous researcher who used the name PinkiePie and claimed a $60,000 reward from Google.