We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Attack targets known Mozilla bug

Update to latest version to stay safe

Computer users who have not upgraded to the latest version of Mozilla's Firefox browser may now have an extra incentive to do so, thanks to a hacker going by the name of Aviv Raff.

On Sunday, Raff published sample code that could be used to take over the computers of Firefox users running version 1.0.4 or earlier of the browser. The exploit takes advantage of a known bug in the way that Firefox processes the popular Javascript web-programming language.

"I think it's been enough time for people to upgrade from v1.0.4. of Firefox. So, here is the PoC [proof of concept] exploit for the… vulnerability," he wrote on his blog.

The bug was fixed in Mozilla version 1.0.5, which was released last July, and has also been fixed in version 1.7.9 of the Mozilla Suite, said Mike Schroepfer, vice president of engineering with Mozilla. "As long as users keep updated to the latest version, they're, in general, very safe."

In some ways, this latest exploit is similar to highly publicised attack code that has been circulating for Microsoft's Internet Explorer browser, said Russ Cooper, editor of the NTBugtraq newslist and a scientist with security vendor Cybertrust. "It can install and run code of the attacker's choice if a victim visits a malicious website," he said in an interview via instant message.

Users who are not already in the habit of frequently updating their browsers should change their ways, because browsers are "historically broken," Cooper said. "That means they have vulnerabilities regularly," he added. "You should keep them updated within 30 days of patches being made available, regardless of what the patch is for."

The IE code, which was published in November, takes advantage of a Javascript problem that has not yet been patched.

Many security experts expect Microsoft to patch its Javascript bug on Tuesday, but the Redmond, Washington, software giant has not confirmed that this will be the case.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad