Friday, February 19, 2010

Firefox 3.6 "0day" - trying to find more info (and more "0day")

About the recent Firefox 3.6 "0day":
http://hackingexpose.blogspot.com/2010/02/attack-code-for-firefox-zero-day-goes.html

Where to try to find some more info (or "how to try to find more 0day"):

Firefox - Crash Reports Stats
http://crash-stats.mozilla.com/

Mozilla Bugzilla Repository
https://bugzilla.mozilla.org/buglist.cgi?query_format=specific&order=relevance+desc&bug_status=__open__&product=Firefox&content=crash

Some interesting notes:

Between 12 and 13 February 2010 there was a peak in reported crashes
(from the crash-stats site).

Some URLs that have recently generated crash conditions in Firefox 3.6:
http://crash-stats.mozilla.com/topcrasher/byurl/Firefox/3.6

1 comment:

  1. Hey, thanks a lot for sharing such a nice and detailed review on Firefox on '0' day.
    Russian security firm Intevydis has made a Windows exploit for a previously unknown security hole in Firefox 3.6 available to its customers. The exploit allows attackers to remotely gain control of a PC. Intevydis develops the commercial VulnDisco add-on for the also commercial Canvas exploit toolkit by vendor Immunity. On the Immunity forum, developer Evgeny Legerov praises his exploit for Windows XP (SP3) and Vista as being quite reliable. The developer says it was an interesting challenge to find the flaw – a buffer overflow – and to exploit it.
