Tuesday, 06 April 2010 11:43

Pwn2Own winner's Firefox hole plugged

By

Firefox updates are arriving thick and fast. The latest fixes a flaw that was discovered by one of the winners in last month's Pwn2Own contest.


Just over a week after Firefox 3.6.2 was released to fix a remotely exploitable security vulnerability, version 3.6.3 arrived to patch a bug revealed during the Pwn2Own hacking contest held at the CanSecWest conference last month.

A security researcher at MWR InfoSecurity known simply as Nils identified a flaw in Firefox 3.6.x that could be exploited to run arbitrary code. He won a Sony Vaio notebook, $US10,000, and other benefits relating to contest sponsor Tipping Point's Zero Day Initiative.

According to the security advisory from Mozilla, "By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object."

The release notes imply this is the only fix in version 3.6.3.

Mozilla has indicated that while Nils' exploit is only useful against Firefox 3.6.x, the underlying bug will be patched in a future release of version 3.5.x "just in case there is an alternate way of triggering the bug."

Users of Firefox on Windows or Mac OS X may most easily update to the new version by using the Check for Updates command. The most recent versions of Firefox and other Mozilla programs may be downloaded here.

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Stephen Withers

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments