Attack code for Firefox zero-day goes wild,..........

[JMH]

A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla's Firefox browser.

The exploit - which allows attackers to remotely execute malicious code on end user PCs - triggers a heap corruption vulnerability in the popular open-source browser, said Evgeny Legerov, founder of Moscow-based Intevydis. He recently added it as a module to Vulndisco, an add-on to the Immunity Canvas automated exploitation system sold to security professionals.

"We've played a lot with it in our labs - it was very reliable," Legerov wrote in an email to The Reg. "Works against the default install of Firefox 3.6. We've tested it on XP and Vista."

Source -
Attack code for Firefox zero-day goes wild, says researcher ? The Register

 

[brady]

already been a revision to this: Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability 2010-02-19 Mozilla Firefox/Thunderbird/SeaMonkey HTML Parser Remote Code Execution Vulnerability Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities 2010-02-19 Mozilla Firefox CVE-2010-0159 Multiple Remote Memory Corruption Vulnerabilities Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability 2010-02-19 Mozilla Firefox and SeaMonkey SVG Document Cross Domain Scripting Vulnerability Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability 2010-02-19 Mozilla Firefox and SeaMonkey 'showModalDialog' method Cross Domain Scripting Vulnerability Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability 2010-02-19 Mozilla Firefox and SeaMonkey Web Workers Array Data Type Remote Memory Corruption Vulnerability