NEWS FROM THE LAB - Tuesday, July 14, 2009

Firefox Memory Corruption Vulnerability Posted by Sean @ 13:42 GMT

No one particular browser is completely secure and today brings additional evidence of this fact with the posting of a Firefox exploit that allows for the execution of arbitrary code. The current version of Firefox (3.5) is affected and older versions may be as well.

The vulnerability in Firefox 3.5 is caused due to an error when processing JavaScript code handling. See our vulnerability description for additional information. The exploit, discovered by SBerry, was posted to a popular exploit site yesterday.

Joshua, one of our Browsing Protection researchers tested this Firefox exploit against our Exploit Shield technology.

And the result was good. Our Exploit Shield heuristically detected it as shellcode and blocked the exploit.

Exploit Shield Block of SA200903371

0-Day browser protection against 0-Day exploits. Exploit Shield will be part of this year's product release.

A standalone Exploit Shield beta is available from our Technology Preview pages.


Note: Firefox is a great browser… but you still want to practice safe surfing habits.


Updated to add: In case there is any confusion, our earlier post regarding Firefox 3.5 discussed exploits targeting outdated web apps/plugins in the updated browser; whereas this exploit targets a vulnerability in the browser itself.