Web Hosting Security

  Home arrow Web Hosting Security arrow Mozilla Working to Fix New Firefox Vul...
Web Hosting Articles  
Web Hosting FAQs  
Web Hosting How-Tos  
Web Hosting News  
Web Hosting Reviews  
Web Hosting Security  
Weekly Newsletter 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Contact Us 
Site Map 
Privacy Policy 
  >>> SIGN UP!  
  Lost Password? 

Mozilla Working to Fix New Firefox Vulnerability
By: wubayou
  • Search For More Articles!
  • Disclaimer
  • Author Terms
  • Rating: 5 stars5 stars5 stars5 stars5 stars / 1

    Table of Contents:

    Rate this Article: Poor Best 
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article



    A new flaw was discovered in Mozilla's Firefox browser on Tuesday afternoon. Although not much is known about the specific Trojan malware that is using the vulnerability to perform attacks, Mozilla has assured visitors to its Security Blog that it has diagnosed the problem and is in the process of developing a fix for it. Once the fix is developed and tested, Mozilla promises to release it to the public. The operating systems that are vulnerable are not known, but it seems as if Windows users are at a higher risk of infection.

    Mozilla received news of the vulnerability from a variety of security research firms. Norman ASA, a security firm that specializes in products that provide protection for consumers, enterprise networks, and the government, was credited as being at the forefront of the discovery. Norman's Malware Detection Team in Oslo, Norway detected the new Trojan virus that takes advantage of a zero-day vulnerability in versions 3.5 and 3.6 of Firefox. The attack occurred on the Nobel Peace Prize website on Tuesday, and any users who visited the site around that time period could have had the Trojan installed on their computers unknowingly.

    Norman stated that once the Trojan was installed, it would then attempt to connect two Internet addresses that point to a Taiwanese server. Once a successful connection between the addresses was established, the hacker would gain access to the compromised computer. Norman warned that although the infection has been linked to the Nobel Peace Prize website, there could be other websites that are infected as well, that would pose a similar threat. While customers using Norman's antivirus products are protected from the attacks, other web users are urged to exercise caution while surfing the Internet.

    Since Firefox is said to be the second most popular browser used worldwide, the number of people affected by the vulnerability could be high. A Trojan virus, if successfully installed, can give hackers unauthorized access to a computer and use it to spread the virus to other machines, send spam, steal financial data and passwords, and more. The zero-day vulnerability in Firefox 3.5 and 3.6 is a perfect opportunity for exploitation by hackers until Mozilla finds a patch to fix it.

    Mozilla blocked the Nobel Peace Prize site using Firefox's integrated malware protection. Until a patch is released, Mozilla urges its users to take some preventive measures. One suggestion is to install the NoScript add-on. NoScript is free, and allows Firefox users to protect themselves by selectively allowing scripts from trusted websites to prevent zero-day exploits. Besides its selectivity when it comes to active content, NoScript also offers protection against clickjacking attempts, XSS attacks, and more. 

    Another suggestion offered by Mozilla is to disable JavaScript in Firefox. This can be done by going into the Tools drop-down menu at the top of the browser and selecting Options. From there, click on the Content tab and uncheck Enable JavaScript.

    For more on this topic, visit the Computerworld story.  

    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

    More Web Hosting Security Articles
    More By wubayou


    - For Online Security, Invest in People
    - World`s Third-Largest Botnet Bites the Dust
    - Yahoo Security Breach Highlights Poor Practi...
    - How to Prevent Mobile Malware
    - FBI Issues Internet Security for Travelers a...
    - More of the Top Internet Scams
    - How to Stop Phishing Scams
    - Social Networking Safety Tips
    - How to Avoid Financial Fraud Online
    - Android`s Most Notorious Trojans and Viruses
    - GFI Report Details Top 10 Threat Detections ...
    - Sophos Releases Security Threat Report 2012
    - Facebook Safety Tips for 2012
    - Email Scam Hits Apple Users
    - Tips for Mobile Security

    Developer Shed Affiliates


    © 2003-2019 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap