Exploit code released for Firefox vulnerability

According to Brian Krebs' blog on the Washington Post, exploit code has been released for the latest Firefox and Netscape vulnerability. To protect yourself against this code, either 1) buy a Mac or 2) update your version of Firefox to the latest version – available here.

The exploit code appears to allow an attacker to take remote control of infected PCs. It is interesting to see a serious exploit for Firefox being released, finally – we are far more used to seeing these kinds of exploits being released for Internet Explorer!

5 thoughts on “Exploit code released for Firefox vulnerability”

  1. Also interesting is that it's a very basic rewrite of an old IE exploit using buffer overflows. And while the exploit is now in the wild, the vulnerability was actually fixed by the Mozilla/Firefox team the day before the public disclosure. It does however still mean that there are a lot of vulnerable machines out there. As for buying a Mac – I would not recommend that as a security measure. Firefox has been out for quite some time and while it had a small user base very few vulnerabilities were found / exposed. The same is / will be true of Macs once (if ever) their user base reaches a critical mass – no question.

  2. “The same is / will be true of Macs once (if ever) their user base reaches a critical mass – no question.”

    Hey Lee, the buy a Mac comment was a bit tongue in cheek, tbh – however, I don’t buy the numbers argument at all. 70% of the world’s webservers are Apache and yet, the vast majority of the exploits for webservers are for IIS – I think the same would apply to PCs – if 70% of the world’s PCs were Mac, the vast majority of exploits would still be for PCs.

    This is because the Open Source pedigree of OS X means that the code base is peer reviewed and consequently far less vulnerable to exploits.

  3. “This is because the Open Source pedigree of OS X means that the code base is peer reviewed and consequently far less vulnerable to exploits.”

    Just like Firefox, Tom?

  4. Exactly Damien,

    Just like Firefox – the number of vulnerabilities reported for Firefox and their level of severity is far less than the number for Internet Explorer.

    Also, Firefox is faster releasing patches for reported vulnerabilities than is Microsoft.
