MA-179.072009: MyCERT Alert - Mozilla Firefox - Critical Memory Corruption Vulnerability

1.0 Introduction

A critical vulnerability has been identified in Mozilla Firefox. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. MyCERT is aware that a '0-day' exploit is available on the Internet at the time of this writing.

Essentially, an attacker can trick unsuspecting users of Mozilla Firefox into opening a URL that leads to a specially crafted web page containing the exploit code.

2.0 Impact

An attacker who has successfully exploited this vulnerability could execute code remotely and gain the same privileges as the user. This vulnerability could also be exploited to install malware on the user's computer.

3.0 Affected Products

  • Mozilla Firefox 3.5

4.0 Recommendation

As of this writing, Mozilla Foundation has not released any patches to address this vulnerability. However, here are some recommendations for users:

  • Do not browse untrusted websites or follow untrusted links.

  • Use the NoScript plugin to pre-emptively block malicious scripts. NoScript can be downloaded from this link:
    https://addons.mozilla.org/en-US/firefox/addon/722

  • Browse the Internet as a least-privileged user to limit the execution of the malicious file.

  • Use alternative browsers such as Opera to browse the Internet.

Generally, MyCERT advises users of this software to keep themselves updated with the latest security announcements by the vendor. Users who receive suspicious URLs can forward them to MyCERT for further analysis.

MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

Copyright © 2009 - CyberSecurity Malaysia