Oh joy, within 24 hours of the MS IE/ActiveX exploit we have a remote vulnerability against Firefox 3.5.
The vulnerability is caused due to an error when processing JavaScript code handling e.g. “font” HTML tags and can be exploited to cause a memory corruption. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.5. Other versions may also be affected.
Currently Mozilla have no “known vulnerability” page for Firefox 3.5 security issues, I presume once it’s created it’ll be here.
There is a sample exploit available already, so it’ll be in the wild soon if not already. 🙁
Oh dear 🙁
Tomorrow will be interesting…
They do acknowledge it now on mozilla.com, in a blog post at least: http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
Now fixed in Firefox 3.5.1!
Pingback: The Musings of Chris Samuel » Blog Archive » Firefox 3.5.1 Vulnerability