Firefox exposed to Zero Day exploit
October 27, 2010
There appears to be an unpatched vulnerability in Firefox, both version 3.5 and the latest 3.6, and the Nobel Peace Prize website has been targeted.
Mozilla have acknowledged the bug and are working to fix the issue.
Whilst the Nobel Peace Prize website has been fixed, there is no doubt that this bug will be exploited rather quickly. So be careful when browsing the web if using Firefox.
This malware attaches a command shell to the opened socket, giving an attacker access on the local computer with the same rights as the logged on user.
How can I protect myself?
The best way to prevent infection is:
- Disable Javascript in Firefox
- Install the NoScript add-on