A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla's Firefox browser.
The exploit - which allows attackers to remotely execute malicious code on end user PCs - triggers a heap corruption vulnerability in the popular open-source browser, said Evgeny Legerov, founder of Moscow-based Intevydis. He recently added it as a module to Vulndisco, an add-on to the Immunity Canvas
automated exploitation system sold to security professionals.
"We've played a lot with it in our labs - it was very reliable," Legerov wrote in an email to The Reg
. "Works against the default install of Firefox 3.6. We've tested it on XP and Vista."