Here is a screenshot of the new FF 0day in WinDBG using the !exploitable extension. I am swamped with work right now, when I get a moment I try to post a more detailed writeup.
Anyone who wants to test the fix--or just protect yourself early--can get candidate builds from ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.0.8-candidates/
I've published an article about this issue, and apparently it is not as new as we think.
Check it out: http://translate.google.com/translate?client=tmpg&hl=pt&u=http%3A%2F%2Ffnstenv.blogspot.com%2F2009%2F03%2F0-day-no-mozilla-firefox.html&langpair=pt|en
BTW, awesome Blog... I always check it for good news (sometimes not that good ;-).
Anyone who wants to test the fix--or just protect yourself early--can get candidate builds from ftp://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/3.0.8-candidates/
ReplyDeleteHey, David... 8-)
ReplyDeleteI've published an article about this issue, and apparently it is not as new as we think.
Check it out:
http://translate.google.com/translate?client=tmpg&hl=pt&u=http%3A%2F%2Ffnstenv.blogspot.com%2F2009%2F03%2F0-day-no-mozilla-firefox.html&langpair=pt|en
BTW, awesome Blog... I always check it for good news (sometimes not that good ;-).
Keep in touch, buddy.
@nbrito
David, Mozilla just released the patch addressing this vulnerability...
ReplyDeleteThe awesome news is that it is not as new as we tought - remember my previous comment.
It shows that the security community is crawling the bug tracking systems to find any vulnerability previously fixed and raised from the dead-land...
How many other vulnerabilities will we see raising?
@nbrito