Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla First To Patch Pwn2Own Browser Vulnerability

Posted by Soulskill on Saturday March 28, 2009 @02:46AM from the comparatively-quick dept.

Constantine the Less writes "Mozilla has released Firefox 3.0.8 to fix a pair of code execution holes that put users of the browser at risk of drive-by download attacks. It includes a fix for one of the flaws exploited during this year's CanSecWest Pwn2Own hacker contest. The update also fixes a separate zero-day flaw disclosed earlier this week on a public exploit site. Both issues are rated 'critical,' Mozilla's highest severity rating."

3 of 141 comments (clear)

Min score:

Reason:

Sort:

Re:MS already patched in IE8 final build by Anonymous Coward · 2009-03-28 03:44 · Score: 5, Informative

Doesn't support DEP, so will be a bit more work.
DEP is supported on Windows XP since SP2.
Re:And this is a surprise? by makomk · 2009-03-28 03:55 · Score: 5, Informative

Well, it wouldn't work on Vista on the final release of IE8, except on Intranet pages. Apparently, it still works on IE8 running under XP, still works on Intranet pages. The underlying vulnerability is still present on IE8 on all platforms, it's just that there's not currently any way to exploit it thanks to DEP and ASLR.
Re:And this is a surprise? by icebraining · 2009-03-28 04:16 · Score: 5, Informative

On the other hand, Firefox on Linux wasn't exploited at all.

--
Dilbert RSS feed