Security bug found in latest version of Firefox

By
Follow google news

An unpatched vulnerability in version 3.5 of Firefox, which was released last month, could enable a hacker to remotely run arbitrary code on users' machines, security firm Secunia said in an advisory.

The vulnerability arises when the browser processes JavaScript code to handle HTML font tags, the advisory said. An exploit can cause a memory corruption buffer overflow, which could lead to a compromise on an affected system.

“If your browser (Internet Explorer, Firefox, etc.) or its plug-ins (Adobe Flash Player, QuickTime, Sun Java, etc.) contain vulnerabilities, then you're exposed to security threats every single time you visit a website,” Secunia spokesman Mikkel Winther told SCMagazineUS.com in an email.

No patch is available yet from Mozilla, though exploit code has been posted on exploit repository milw0rm, which has reopened after temporarily shutting down.

Until a patch from Mozilla is available, US-CERT has encouraged users and administrators to disable JavaScript to mitigate any risks associated with the vulnerability. On its site, US-CERT describes a method to turn JavaScript off.

If that is untenable, Secunia said the best way to avoid being infected is to practise safe web surfing.

“We can only recommend that users refrain from visiting untrusted websites,” Winther said.


See original article on scmagazineus.com


Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
bugcodefirefoxflawsecurityvulnerability

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

Poor WA gov M365 security led to $71k theft and children's data breached

Poor WA gov M365 security led to $71k theft and children's data breached
Health and Aged Care CISO retires

Health and Aged Care CISO retires
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
US medical device maker Stryker's Microsoft environment attacked

US medical device maker Stryker's Microsoft environment attacked
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?