« Static Analysis Tools and the SDL (Part Two) | Main | Microsoft Security Bulletin Summary for July 2009 »

Firefox 3.5 0Day published

"The exploit portal Milw0rm has published an exploit for Firefox 3.5. The exploit demonstrates a security vulnerability by starting the Windows calculator. In testing by heise Security, the exploit crashed Firefox under Vista, but security service providers Secunia and VUPEN confirmed that attackers using prepared websites can infect PCs. The cause of the problem is a buffer overflow when processing specially prepared Font tags."

Read more: http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!