We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Firefox 'firedrill' critical fix coming next week

Attack code targets browser vulnerability

Online attack code has been released targeting a critical, unpatched flaw in Mozilla's Firefox browser.

The attack code, written by security researcher Guido Landi, was published on several security sites on Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorised software onto a Firefox user's machine.

Mozilla developers have already worked out a fix for the vulnerability. It's scheduled to ship in the upcoming Firefox 3.0.8 release, which developers are now characterising as a 'high-priority firedrill security update', thanks to the attack code. That update is expected sometime early next week.

"We... consider this a critical issue," said Mozilla Director of Security Engineering Lucas Adamski in an email.

The bug affects Firefox on all operating systems, including Mac OS and Linux, according to Mozilla developer notes on the issue.

By tricking a victim into viewing a maliciously coded XML file, an attacker could use this bug to install unauthorised software on a victim's system. This kind of web-based malware, called a drive-by download, has become increasingly popular in recent years.

While the public release of browser attack code doesn't happen all that often, security researchers don't seem to have much trouble finding bugs in browser software. Last week, two hackers at the CanSecWest security conference dug up four separate bugs in the Firefox, IE and Safari browsers.


IDG UK Sites

Moto G2 (2014) vs Moto E comparison review: New Moto G is worth the extra cash

IDG UK Sites

Is Apple losing confidence in itself?

IDG UK Sites

Oculus Rift 'Crescent Bay' prototype hands-on: it's an amazing experience

IDG UK Sites

How (and where) to buy an iPhone 6 or iPhone 6 Plus in the UK. Plus: What to do if you pre-ordered...