Thursday, March 26, 2009

Firefox XSLT exploit released to public. Mozilla announces fixes due out April 1st

| Brett D. Arion |
Update: Mozilla released the 3.0.8 update on Friday March 27, 2009.

Mozilla Security scrambled to address two critical security issues today. In a statement on the blog, Mozilla Security noted that the PWN2OWN bug discovered by Nils was reported to them via the Tippingpoint Zero Day initiative, but an XSLT bug was reported by Guido Landi on milw0rm.com. Mozilla stated that the fixes are undergoing quality testing and are to be included in the Firefox 3.0.8 update due on April 1st.

Mozilla Security Blog


XSLT Exploit

Security focus reference for XSLT Exploit

Free Security Magazines