Slates patch for March 30; flaw can't be used in upcoming Pwn2Own hack contest
By Gregg Keizer
March 19, 2010 04:05 PM ET
http://www.computerworld.com/s/article/9173698/Moz...Computerworld - Mozilla yesterday confirmed a critical vulnerability in the newest version of Firefox, and said it would plug the hole by the end of the month.
Although the patch won't be added to Firefox before next week's Pwn2Own browser hacking challenge, researchers won't be allowed to use the flaw, according to the contest's organizer.
"The vulnerability was determined to be critical and could result in remote code execution by an attacker," Mozilla acknowledged in a post to its security blog late Thursday. "The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix."
------------------------------------
Mozilla Firefox Unspecified Code Execution Vulnerability
19th Mar, 2010 05:39
http://secunia.com/community/forum/thread/show/3586Update on Secunia Advisory SA38608
03.18.10 - 08:20pm
Mozilla was contacted by Evgeny Legerov, the security researcher who discovered the bug referenced in the Secunia report, with sufficient details to reproduce and analyze the issue. The vulnerability was determined to be critical and could result in remote code execution by an attacker. The vulnerability has been patched by developers and we are currently undergoing quality assurance testing for the fix. Firefox 3.6.2 is scheduled to be released March 30th and will contain the fix for this issue. As always, we encourage users to apply this update as soon as it is available to ensure a safe browsing experience.
----------------------------------------
1. Black Hatter announces a "vulnerability" in the hopes that someone buys his software. He also threatens not to release the vulnerability.
2. All news sites and security sites publicize the story without any confirmation.
3. Mozilla refuses to "pay up".
4. The vulnerability does not seem to affect a lot of people and Mozilla goes ahead and announces that they will release 3.6.2 anyways.
5. Hacker realizes that he is being foolish and releases the code:)
I posted this on the Secunia Forum linked above:
I cant wait for the movie-- Starring Matt Damon as Mozilla Corp CEO John Lilly, John Malkovich as Evgeny "KGB" Legerov, Edward Norton and Michael Rispoli...
http://www.imdb.com/title/tt0128442/quotesEdit spelling, correct link.
As John Lennon once sang:
Strange Days, Indeed. Most peculiar Mama.http://www.youtube.com/watch?v=gBCdlBrgEmE