U.S.-CERT Warns Of Rogue Code For Firefox Flaw - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News

U.S.-CERT Warns Of Rogue Code For Firefox Flaw

A new proof-of-concept code is circulating for a Firefox vulnerability that was fixed in Mozilla's security update that was released last week.

The U.S. Computer Emergency Response Team (CERT) issued a warning on Wednesday that a proof-of-concept code is circulating in the wild that could be vulnerability in Mozilla's Firefox browser.

The memory corruption vulnerability in Mozilla's flagship, open-source browser exists due to a flaw in the way Firefox handles freed data structures modified in the onUnload event handler, according to a U.S.-CERT advisory. That flaw can cause a memory corruption error.

Firefox, another U.S.-CERT advisory warns, does not properly handle JavaScript "onUnload" events. This vulnerability may lead to memory corruption that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Mozilla's security update, which was released last week, does fix the memory corruption issue, though the company had not made that public initially.

"The Firefox 2.0.0.2 update includes fixes for the bugs that researcher Michal Zalewski reported last week, including the hostname vulnerability, cookie issue and memory corruption issue," wrote Window Snyder, Mozilla's chief security officer, in an e-mail to InformationWeek. "Due to the security fixes, we strongly recommend that all Firefox users upgrade to this latest release." The upgrade is available at this Web site.

The JavaScript onUnload event defines the actions taken when the browser exits a Web page. According to U.S.-CERT, users can download the Firefox update but they also could disable JavaScript to fend off the exploit.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Slideshows
10 Ways to Transition Traditional IT Talent to Cloud Talent
Lisa Morgan, Freelance Writer,  11/23/2020
News
What Comes Next for the COVID-19 Computing Consortium
Joao-Pierre S. Ruth, Senior Writer,  11/24/2020
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll