This is one of the strangest bugs beings discussed in Firefox that I've ever followed.
For Firefox we usually get an open and direct response. Yet this feels relatively unconfirmed and in the shade. So what's up here? Feel free to contact us. Please no links to media rehashing the same all over we're looking for first hand sources confirming or denying. Anyway, for those in doubt or fear: you could install and use NoSCript: that should remove the threat of that exploit completely. -- |
Swa 760 Posts Jul 14th 2009 |
Thread locked Subscribe |
Jul 14th 2009 1 decade ago |
how about the mozilla blog?
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/ |
Anonymous |
Quote |
Jul 14th 2009 1 decade ago |
@drew: Thanks! That hit the spot and I updated the entry completely.
|
Swa 760 Posts |
Quote |
Jul 14th 2009 1 decade ago |
no problem! i actually received an alert from watchguard before it even hit sans. :)
|
Anonymous |
Quote |
Jul 14th 2009 1 decade ago |
Note, Heisse and others are incorrectly reporting this as a 0-day. I haven't been able to find any references to active exploits (although code exists). Not a true 0-day unless the vulnerability is discovered as the result of a compromise (ie - you got hacked via a previously undisclosed vuln).
|
Anonymous |
Quote |
Jul 14th 2009 1 decade ago |
@Halibut it all depends on the definition of 0-day you use
|
Swa 760 Posts |
Quote |
Jul 14th 2009 1 decade ago |
It's in MSF trunk and has been for a couple of days people.
|
Anonymous |
Quote |
Jul 16th 2009 1 decade ago |
The sample I provided to the handlers used the milw0rm code and was it was provided before msf released the module for the exploit. I've also not seen it used in any other malware sites or kits yet. I'm sure this will (or has) changed. @cyberpix, we realise it's in the trunk, we're simply notifying people that it's being actively exploited.
|
Anonymous |
Quote |
Jul 17th 2009 1 decade ago |
After I have followed some of the links given in one of the yesterday's post, I was abble to access to many javascripts files exploiting FF 3.5 ... So, be careful, exploits are really in the wild and ready to compromise !
|
Jean 5 Posts |
Quote |
Jul 17th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!