Researchers Break Into The Latest Firefox With Zero-Day Flaw

After Safari and Internet Explorer were 'pwned', Mozilla's Firefox fell to hackers at the 'Pwn2Own' hacking contest. Willem Pinckaers and Vincenzo Iozzo successfully exploited a zero-day vulnerability in the latest Firefox, 10.0.2, running on Windows 7 SP1, which earned them a $30,000 cash prize. Pwn2Own is a computer hacking contest held since 2007 at the annual CanSecWest security conference.

The researchers exploited a use-after-free vulnerability in the open-source browser after successfully evading two substantial anti-exploit security features built into the Windows operating system, namely DEP and ASLR. Because Firefox does not have a sandbox, it was a rather easy target for the hackers at Pwn2Own, which also yielded a number of zero-day flaws in Microsoft's Internet Explorer and the Google Chrome browser. Stephen Fewer, an Irish security researcher, hacked Internet Explorer 8 and earned a $15,000 prize. Meanwhile, security researchers from VUPEN, a penetration testing company based in France, took down the iOS browser, Safari 5.0.4, on Mac OS X (x64).

In an interview after the drive-by download attack was demonstrated at the Pwn2Own event, Pinckaers explained that he was able to convert the use-after-free bug into two individual information-leak conditions in order to carry out the hack. The same vulnerability was triggered three times: once to leak information, then again to leak the addresses of their data, and a third time to finish the exploit by getting the code executed. Iozzo was responsible for finding the vulnerability, while Pinckaers proceeded to write a successful exploit within a day's time.
