Firefox once again faces a security challenge in its latest browser release, Firefox 3.6. Lately, I have noticed more browser crashes over the last two weeks, which could be a result of this exploit.
There’s a new zero-day exploit for Firefox 3.6. The exploit allows attackers to remotely gain control of a PC. Russian security firm Intevydis develops VulnDisco, a commercial add-on for the Canvas exploit toolkit, itself a commercial product from vendor Immunity. Intevydis made a Windows exploit for a previously unknown security hole in Firefox 3.6 available to its customers.
Mozilla (Firefox) hasn’t released any updates to correct this exploit, even though it has been known since the beginning of February.
According to the analysis on the Extraexploit blog, a significant increase in the number of Firefox 3.6 crashes was noted on the 12th and 13th of February. It is unclear whether the crashes were connected to the exploit being tested. The pages causing the highest number of crashes are listed in Mozilla’s crash reports.
Mozilla Crash Reports: http://crash-stats.mozilla.com/topcrasher/byurl/Firefox/3.6
Mozilla needs to find a way to release updates much more quickly to reduce exposure to such exploits.