Firefox new exploit - SANS Internet Storm Center

Firefox new exploit
This is one of the strangest bugs beings discussed in Firefox that I've ever followed. An exploit shows up for FireFox 3.5 on a popular public exploit repository Secunia seems to confirm the exploit: http://secunia.com/advisories/35798/ Heisse reports the exploit can crash on Vista and can't seem to make it work on Windows 7 RC1 http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761 Brian Kerbs publishes a workaround at the washington post, no source mentioned: http://www.washingtonpost.com/wp-dyn/content/blog/2009/07/14/BL2009071401473.html Lots of other news outlets seem to copy this without further confirmation and/or independent sources. For Firefox we usually get an open and direct response. Yet this feels relatively unconfirmed and in the shade. So what's up here? Feel free to contact us. Please no links to media rehashing the same all over we're looking for first hand sources confirming or denying. Anyway, for those in doubt or fear: you could install and use NoSCript: that should remove the threat of that exploit completely. -- Swa Frantzen -- Section 66	Swa 760 Posts Jul 14th 2009
Thread locked Subscribe	Jul 14th 2009 1 decade ago
how about the mozilla blog? http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/	Anonymous
Quote	Jul 14th 2009 1 decade ago
@drew: Thanks! That hit the spot and I updated the entry completely.	Swa 760 Posts
Quote	Jul 14th 2009 1 decade ago
no problem! i actually received an alert from watchguard before it even hit sans. :)	Anonymous
Quote	Jul 14th 2009 1 decade ago
Note, Heisse and others are incorrectly reporting this as a 0-day. I haven't been able to find any references to active exploits (although code exists). Not a true 0-day unless the vulnerability is discovered as the result of a compromise (ie - you got hacked via a previously undisclosed vuln).	Anonymous
Quote	Jul 14th 2009 1 decade ago
@Halibut it all depends on the definition of 0-day you use	Swa 760 Posts
Quote	Jul 14th 2009 1 decade ago
It's in MSF trunk and has been for a couple of days people.	Anonymous
Quote	Jul 16th 2009 1 decade ago
The sample I provided to the handlers used the milw0rm code and was it was provided before msf released the module for the exploit. I've also not seen it used in any other malware sites or kits yet. I'm sure this will (or has) changed. @cyberpix, we realise it's in the trunk, we're simply notifying people that it's being actively exploited.	Anonymous
Quote	Jul 17th 2009 1 decade ago
After I have followed some of the links given in one of the yesterday's post, I was abble to access to many javascripts files exploiting FF 3.5 ... So, be careful, exploits are really in the wild and ready to compromise !	Jean 5 Posts
Quote	Jul 17th 2009 1 decade ago