Network Computing is part of the Informa Tech Division of Informa PLC

Firefox Exploit Emerges

An exploit that takes advantage of a recently patched bug in Mozilla Corp.'s Firefox browser went public Tuesday, causing security vendors to urge users to update immediately.

Code that could let hackers corrupt Firefox's memory, then run their own programs to hijack or damage the computer, was posted to the Metasploit Project site, which rolls out exploit modules for its Framework tool on a regular basis. Metasploit published modules that work against the Linux and Mac editions of Firefox 1.5.

The bug, which was one of 8 fixed in the Firefox security update last week, was labeled "Critical" by Mozilla.

Symantec on Wednesday confirmed that the exploit works on Linux systems and said that, even though Windows code has not yet been made public, users should expect it soon. "Since the issue was developed for the Metasploit Framework, we assume that trivial modification would allow for the targeting of Windows," read an alert to customers of Symantec's DeepSight Threat Management System.

A caveat, said Symantec, is that the exploit consumes about 1 gigabyte of memory. That "possibly reduces the likelihood of successful exploitation on some systems."
