Firefox exploit’d!

It makes me sad to say that there is an exploit, triggered by JavaScript execution, that will allow an attacker to own a machine by exploiting the browser. This news does not sound that shocking, since browsers are the point of entry for most malware, but this time it’s Firefox. CNET reports that black-hat hackers presented this flaw at ToorCon, a hacker conference. As it stands, the flaw supposedly affects Windows, OS X, and Linux, although the information is sketchy and I can’t find any first-hand accounts. I suspect that OS X and Linux have a smaller damage footprint, as long as one is not running as root, and especially if you’re not running as an admin user. Remember, scripts run with your permissions, so the lower you can run day to day, and just escalate as needed (which can be done easily in OS X), the better.

The hackers, who claimed to know 30 other Firefox exploits, were asked to report the weaknesses to Mozilla and even to claim the $500 bounties on exploits, but they declined, saying that they would do more good creating a network for black hats.

The fly in the mustard is that one of these guys works for Six Apart, the blog company that makes Movable Type, TypePad, Vox, and LiveJournal. Something like this makes or breaks a company’s reputation. Right now I say that it looks really bad on Six Apart. Your company should have a policy that all found critical security exploits are handled in a responsible manner as a term of employment.

