
SANS ISC: Firefox and Seamonkey Vulnerabilities SANS ISC InfoSec Forums

Firefox and Seamonkey Vulnerabilities

In addition to the "pwn2own" vulnerability used at CanSecWest last week to compromise a system running the Firefox web browser, a new vulnerability has been published which involves XSL Transforms.  This vulnerability impacts both the latest Firefox 3.0.7 and Seamonkey 1.1.15 browsers.

Mozilla is working on updates for both packages and they expect the updated versions to be released by April 1 (and no, this is not an early April Fools joke).

A proof-of-concept exploit for the XSL Transform vulnerability has been released.  If the attack succeeds, arbitrary code can be run in the context of the browser.  If the attack fails, a DoS condition is likely for the browser.

For more information about the XSL Transform issue, see:

  Secunia Advisory
  VUPEN Advisory
  Bugzilla Entry
  Mozilla Security Blog


Mar 27th 2009
