Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: incrediBILL
Malicious hackers have exploited an unpatched vulnerability in the latest version of Firefox to attack people visiting the Nobel Peace Prize website, a Norway-based security firm said on Tuesday.
Mozilla representatives confirmed a "critical vulnerability" in versions 3.5 and 3.6 of the open-source browser. It came several hours after the organization members were said to have made the same admission on this password-protected Bugzilla page.
According to Einar Oftedal, a detection executive at Norman ASA in Oslo, the official website for the Nobel Peace prize, nobelpeaceprize . org, was compromised so that it contained an iframe link to a malicious server.
[edited by: Sgt_Kickaxe at 3:00 am (utc) on Oct 27, 2010]
Fixed in Firefox 3.6.12
MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion
[bugzilla.mozilla.org...] has the Bug Report from 2010-10-25