by a Thinker, Sailor, Blogger, Irreverent Guy from Madras

Firefox 19.0.2 fixes Pwn2Own exploit

The 1st day (Mar, 6) of the Pwn2Own contest at the CanSecWest conference, Vancouver, Canada saw all the major browsers - IE, Mozilla Firefox, Google Chrome - successfully hacked used exploits.

It must have been gagging for Google, which had just fixed numerous security bugs in the Chrome Web browser just before Pwn2Own.  Equally IE10 on Windows 8 was hacked with 2 zero-day exploits.

Mozilla Firefox exploit was different.  VUPEN Security exploited a Use-after-free security vulnerability to compromise the Mozilla Firefox 19.0.1 running on Windows 7.  VUPEN was awarded $60,000 from the contest co-organizer HP for showcasing the exploit.

But in a quick as fire response, Mozilla have released an update to the Firefox browser.  Mozilla Firefox 19.0.2 fixes the Use-after-free security vulnerability.  Use-after-free error is a memory related problem, when a (part) of program doesn’t actually release the memory which it was using and which is not needed/used by the software anymore.

But just in 24 hours after the flaw was first reported, Mozilla is out with a fix with its Firefox 19.0.2.  To be frank, Use-after-free errors are common with Firefox.  Practically every update has suffered from the problem.

Update:  Google Chrome 25 updated, fixes Webkit exploit discovered in Pwn2Own.

But this really must be a record of sorts.  A browser update within 24 hours of a reported security breach isn’t the way browser world work.  Mozilla delivering a quick fix with Firefox 19.0.2 have managed it.  It is really a quick fix too - the update package for Firefox 19.0.2, is a mere 2.7 MB and updates in a flash.

So, go ahead and browse more securely with Mozilla Firefox 19.0.2.


No comments:

Post a Comment

Support - Donate

Your Blog is

Donate thro ECWID

Contact Form

Follow by Email