The 1st day (Mar, 6) of the Pwn2Own contest at the CanSecWest conference, Vancouver, Canada saw all the major browsers - IE, Mozilla Firefox, Google Chrome - successfully hacked used exploits.
It must have been gagging for Google, which had just fixed numerous security bugs in the Chrome Web browser just before Pwn2Own. Equally IE10 on Windows 8 was hacked with 2 zero-day exploits.
Mozilla Firefox exploit was different. VUPEN Security exploited a Use-after-free security vulnerability to compromise the Mozilla Firefox 19.0.1 running on Windows 7. VUPEN was awarded $60,000 from the contest co-organizer HP for showcasing the exploit.
But in a quick as fire response, Mozilla have released an update to the Firefox browser. Mozilla Firefox 19.0.2 fixes the Use-after-free security vulnerability. Use-after-free error is a memory related problem, when a (part) of program doesn’t actually release the memory which it was using and which is not needed/used by the software anymore.
But just in 24 hours after the flaw was first reported, Mozilla is out with a fix with its Firefox 19.0.2. To be frank, Use-after-free errors are common with Firefox. Practically every update has suffered from the problem.
Update: Google Chrome 25 updated, fixes Webkit exploit discovered in Pwn2Own.
But this really must be a record of sorts. A browser update within 24 hours of a reported security breach isn’t the way browser world work. Mozilla delivering a quick fix with Firefox 19.0.2 have managed it. It is really a quick fix too - the update package for Firefox 19.0.2, is a mere 2.7 MB and updates in a flash.
So, go ahead and browse more securely with Mozilla Firefox 19.0.2.
It must have been gagging for Google, which had just fixed numerous security bugs in the Chrome Web browser just before Pwn2Own. Equally IE10 on Windows 8 was hacked with 2 zero-day exploits.
Mozilla Firefox exploit was different. VUPEN Security exploited a Use-after-free security vulnerability to compromise the Mozilla Firefox 19.0.1 running on Windows 7. VUPEN was awarded $60,000 from the contest co-organizer HP for showcasing the exploit.
But in a quick as fire response, Mozilla have released an update to the Firefox browser. Mozilla Firefox 19.0.2 fixes the Use-after-free security vulnerability. Use-after-free error is a memory related problem, when a (part) of program doesn’t actually release the memory which it was using and which is not needed/used by the software anymore.
But just in 24 hours after the flaw was first reported, Mozilla is out with a fix with its Firefox 19.0.2. To be frank, Use-after-free errors are common with Firefox. Practically every update has suffered from the problem.
Update: Google Chrome 25 updated, fixes Webkit exploit discovered in Pwn2Own.
But this really must be a record of sorts. A browser update within 24 hours of a reported security breach isn’t the way browser world work. Mozilla delivering a quick fix with Firefox 19.0.2 have managed it. It is really a quick fix too - the update package for Firefox 19.0.2, is a mere 2.7 MB and updates in a flash.
So, go ahead and browse more securely with Mozilla Firefox 19.0.2.
No comments:
Post a Comment