Slashdot Mirror


Mozilla First To Patch Pwn2Own Browser Vulnerability

Constantine the Less writes "Mozilla has released Firefox 3.0.8 to fix a pair of code execution holes that put users of the browser at risk of drive-by download attacks. It includes a fix for one of the flaws exploited during this year's CanSecWest Pwn2Own hacker contest. The update also fixes a separate zero-day flaw disclosed earlier this week on a public exploit site. Both issues are rated 'critical,' Mozilla's highest severity rating."

7 of 141 comments

  1. MS already patched in IE8 final build by Anonymous Coward · · Score: 4, Informative

    MS patched this on IE8 on Vista already before it published Mar 19. http://blogs.iss.net/archive/chicksdigIE8.html

    XP hasn't been patched yet. Doesn't support DEP, so will be a bit more work.

    1. Re:MS already patched in IE8 final build by Anonymous Coward · · Score: 5, Informative

      Doesn't support DEP, so will be a bit more work.

      DEP is supported on Windows XP since SP2.

  2. Re:that's quick by cbiltcliffe · · Score: 3, Informative

    Could you get such fast service? Certainly.

    With such minimal vetting? I doubt it. Only if you're a trusted submitter to the Mozilla tree. And if you were, you'd only get to pull a stunt like that once.

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......

  3. Re:And this is a surprise? by Anonymous Coward · · Score: 4, Informative

    And did closed source help MS to make a more secure browser?

    Umm, yes.
    The person who cracked Safari on OS X said that IE8 on Vista was the toughest to exploit.

  4. Re:And this is a surprise? by makomk · · Score: 5, Informative

    Well, it wouldn't work on Vista on the final release of IE8, except on Intranet pages. Apparently, it still works on IE8 running under XP, still works on Intranet pages. The underlying vulnerability is still present on IE8 on all platforms, it's just that there's not currently any way to exploit it thanks to DEP and ASLR.

  5. Re:And this is a surprise? by icebraining · · Score: 5, Informative

    On the other hand, Firefox on Linux wasn't exploited at all.

  6. Mac OS X != OSS by tepples · · Score: 4, Informative

    I can't download the upgrade. I'm running OSX 10.3.9, and Firefox 2.0.0.1. Firefox 3.x requires 10.4.

    OSS developers should think about those of us that are still happy with their older software! (or can't upgrade)

    Mac OS X is not open-source software. If you can't install Leopard or even Tiger on your PowerPC Mac, try installing a Linux distribution that supports your Mac model. I'm sure they still exist.