In association with heise online

27 October 2010, 13:33

Attackers exploit zero day vulnerability in Firefox

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Firefox Logo The trojan attack on visitors to the Nobel Peace Prize web site reported on Tuesday, exploited a previously unknown vulnerability in Firefox. No detailed information on the vulnerability is available at present, with access to the Bugzilla entry restricted to registered developers only.

It is fairly rare for attackers to exploit unknown vulnerabilities in Firefox. A zero day exploit for Firefox did crop up in the middle of last year, but at the time it was not being actively exploited for attacks.

The Mozilla Foundation has confirmed the existence of the vulnerability in versions 3.6 and 3.5 and classed it as critical. Mozilla is working on a patch, but until this is ready Mozilla advise users to deactivate JavaScript or to use the NoScript plug-in.

The Nobel Peace Prize web site has now been disinfected, but the Mozilla Foundation expects there to be other web sites out there which are using the exploit to distribute malware. It is not known how many users may have fallen victim to the attack.

According to analysis by Trend Micro, the exploit only attempts to infect older versions of Windows running Firefox 3.6.x. The exploit remains inactive when faced with Windows 7 and Vista (which it detects via the browser header) – probably because there are too many security obstacles to overcome under these operating systems. The exploit installs a back door (BKDR_NINDYA.A.) which makes contact with a number of servers.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit