Update (Oct 27, 2010 @ 20:12):
A fix for this vulnerability has been released for Firefox and Thunderbird users.
Firefox 3.6.12 and 3.5.15 security updates now available
Thunderbird 3.1.6 and 3.0.10 security updates now available
Issue:
Mozilla is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6 users. We have received reports from several security research firms that exploit code leveraging this vulnerability has been detected in the wild.
Impact to users:
Users who visited an infected site could have been affected by the malware through the vulnerability. The trojan was initially reported as live on the Nobel Peace Prize site, and that specific site is now being blocked by Firefox’s built-in malware protection. However, the exploit code could still be live on other websites.
Status:
We have diagnosed the issue and are currently developing a fix, which will be pushed out to Firefox users as soon as the fix has been properly tested.
In the meantime, users can protect themselves by doing either of the following:
- Disabling JavaScript in Firefox
- Using the NoScript Add-on
Credit:
Morten Kråkvik of Telenor SOC
—
Brandon Sterne
Man-in-the-middle
Holly
wrote on
CNN Newsroom
wrote on
mvario
wrote on
Daniel Veditz
wrote on
dave
wrote on
Sean Kerner
wrote on
Daniel Veditz
wrote on
dave
wrote on
Jason
wrote on
pal-moz
wrote on
Arthur Norton
wrote on
Lonyl
wrote on
Sug
wrote on
Lloyd Budd
wrote on
Sreedharan
wrote on
Mark
wrote on
DADSGETNDOWN
wrote on
Daniel Veditz
wrote on
Daniel Veditz
wrote on
John
wrote on
Brian
wrote on
James Roper
wrote on
Nicolas
wrote on
Brian
wrote on
Daniel Veditz
wrote on
Daniel Veditz
wrote on
Odysseus
wrote on
sam45623
wrote on
Skolko Mozhno Tyanut
wrote on
Daniel Veditz
wrote on
Sam45632
wrote on
Spintos
wrote on
Daniel Veditz
wrote on