JonDonym
Trading with zero-day exploits
On February 18, Secunia announced a zero-day exploit for Firefox 3.6. A serious bug in Mozilla Firefox offers the possibility of remote code execution with administrator rights on Windows. It is possible that earlier versions of Firefox are affected too.
Evgeny Legerov on the result of his work: "People who've seen firefox exploit agree with me - it is a really cool bug, it was an interesting challenge to find and exploit it."
The Internet security company Intevydis had knowledge of the bug for more than two weeks, but did not notify the Mozilla developers. A Twitter post from Legerov shows that he was working on an exploit. On February 12/13 there were a lot of Firefox crashes. Maybe the exploit was tested in the wild at that time.
Secunia and Intevydis did not give any information about the bug to the Firefox developers, because the companies wanted to promote the commercial exploit toolkit Canvas and the commercial add-on VulnDisco with a working zero-day exploit.
Because of its secure default settings, JonDoFox is much less vulnerable. But without knowledge of the exploit, we can't evaluate whether it is safe against this exploit.



