« Nmap 5.00 Released with Some Amazing New FeaturesOpenSSH Security Vulnerabilities and Port Knocking »

FireFox 3.5 and IE 0days Exploited In the Wild

07/15/09

Permalink 04:05:01 pm, by Zach Brewer, 169 words
Categories: Security Advisories, General Security

FireFox 3.5 and IE 0days Exploited In the Wild

It's been an interesting couple of weeks and Blackhat/DefCon are still a little under two weeks away. First, Milw0rm.com shut down, then Milw0rm.com was brought back by str0ke. Now Milw0rm.com is hosting new 0day exploit code for both major web browsers.

A vulnerability in the Microsoft DirectShow MPEG2 ActiveX Control (MS09-028) was recently updated (a patch was released yesterday). This vulnerability is actively being exploited in the wild.

Then on 7/13/2009, CVE-2009-1136 (a 0day in IE MS Office Web Components) was announced and soon after exploited in the wild as discussed thoroughly on the SANS ISC.

"But I use FireFox!" you say? Well yesterday a 0day for FireFox 3.5 was announced.

As discussed in previous blog entries, we highly recommend using layered security including HIPS, updated AV, firewall, and extensions such as NoScript.

MS Advisories:
http://www.microsoft.com/technet/security/advisory/973472.mspx

http://www.microsoft.com/technet/security/Bulletin/MS09-028.mspx

FireFox Advisory:
http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/

Priveon, Inc.

Today's complex security and networking solutions require a great deal of knowledge to successfully support and operate. Priveon uses the field experience of its expert staff to develop and maintain a positive reinforcement loop between business practices and to provide the latest information to our customers. The information posted here is supported by Priveon subject-matter experts.

Search

XML Feeds

Archives