Mozilla (Firefox) has acknowledged a zero-day vulnerability in Firefox v3.5 and 3.6. The vulnerability was actively exploited via the Norwegian Nobel Peace Prize website (nobelpeaceprize.org) on Tuesday. The Nobel Prize attackers confined their targeting to Firefox 3.6 and specific versions of Windows (other than Vista and Windows 7), but future attackers will likely not confine it so restrictively.
No patch is currently available. For protection, Mozilla is recommending that Firefox users install the free NoScript addon.
It's anticipated that the vulnerability will be assigned CVE-2010-3765.
Niciun comentariu:
Trimiteți un comentariu