A security researcher in Russia decided to drop a zeroday on Mozilla today without so much as a hint at anything resembling responsible disclosure. No, I’m not opening that can of worms…again.

From The Register:

A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla’s Firefox browser.

The exploit – which allows attackers to remotely execute malicious code on end user PCs – triggers a heap corruption vulnerability in the popular open-source browser, said Evgeny Legerov, founder of Moscow-based Intevydis.

Mozilla has not confirmed the veracity of his comments or the exploit but, we can expect to see something from them in short order.

Article Link

(Image used under CC from goosmurf)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.