Updated Browser, Old-school Attack

So Firefox 3.5 is available and it has quickly become a hot download item, with almost 24 million downloads worldwide so far. The browser itself is touted as faster, safer and just better — but that's no reason not to be cautious.

One of our Vulnerability Analysts turned up this video the other day. The video title says "Firefox Exploit" but so far in our analysis, it looks like the exploits aren't really targeting Firefox.

The attack itself is rather comprehensive — there are at least 3 exploits being tried and their execution is a little involved. The exploits target vulnerable Adobe Flash players (CVE-2007-0071) and Microsoft ActiveX Controls (CVE-2008-0015). The last exploit has been making the rounds in the wild recently.

Still, the vector being used is the tried and true route of a vulnerable web application. So it's basically the same old hole in a brand new dress. Updating the browser — good. Not updating web apps at the same time — not so good. Just as a precaution, don't forget to update all your plugins, apps and so on when you update your browser!

Having said that, our Exploit team is currently digging deeper into certain features of the exploits. We'll add updates if and when any more interesting features turn up.

—————

Updated to add: The exploits in the malicious website are targeting the following vulnerabilities:

  •  CVE-2009-1136
  •  CVE-2008-0015
  •  CVE-2008-2463
  •  CVE-2007-0071

Three of the vulnerabilities are related to ActiveX Controls. CVE-2009-1136 is the subject of the latest Microsoft Security Advisory (973472) and is also the subject of one of our later posts (see above). Visiting the malicious site with Internet Explorer 6 and 7 caused the browsers to crash and the payload to run.

It looks like the only vulnerability that has more impact on Firefox 3.5 is CVE-2007-0071, which affects Flash players. Visiting the website with the latest Flash player, or without it installed, may not trigger the drive-by download.

Still, that doesn't mean the user is 100% protected if they do visit the website. The site's contents appear to have changed since that video came out, so it is possible the exploits (and targeted vulnerabilities) have changed as well.

So whatever browser or web app version is installed, just don't visit a known malicious website.

—————

Updated again to add: An actual exploit targeting the Firefox 3.5 browser itself – rather than an outdated web app or plugin – has since been reported.

