A security researcher in Russia decided to drop a zeroday on Mozilla today without so much as a hint at anything resembling responsible disclosure. No, I’m not opening that can of worms…again.
From The Register:
A Russian security researcher on Thursday said he has released attack code that exploits a critical vulnerability in the latest version of Mozilla’s Firefox browser.
The exploit – which allows attackers to remotely execute malicious code on end user PCs – triggers a heap corruption vulnerability in the popular open-source browser, said Evgeny Legerov, founder of Moscow-based Intevydis.
Mozilla has not confirmed the veracity of his comments or the exploit but, we can expect to see something from them in short order.
(Image used under CC from goosmurf)