Views: 3,077 shadow is a new, extended (and renamed version) of a Firefox heap exploitation tool, which is quite a swiss army knife for Firefox/jemalloc heap exploitation. If you want to dive in really deep to this tool, and the technicalities behind it check this out – OR’LYEH? The Shadow over Firefox [PDF] Support shadow […]
firefox-security
At Last – Adobe Launches Sandboxed Flash Player For Firefox
Views: 10,011 Finally a proactive measure from Adobe to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player. There have been some massive hacks recently due to Flash – – Hackers Exploiting Latest Adobe Flash Bug On Large Scale – Adobe Patches Latest Flash Zero Day Vulnerability – […]
Hackers Exploit Unpatched Firefox 0day Using Nobel Peace Prize Website
Views: 12,885 It’s been a while since Firefox has been in the news, but this is a fairly high profile case involving the Nobel Peace Prize website. It seems there is a race condition vulnerability in the latest versions of Firefox (including 3.6.11) that allows remote exploitation. In this case it was used via an […]
Firefox Blocks Microsoft .NET Framework Assistant Add-on
Views: 44,900 [ad] This is an interesting development, I noticed the pop-up on my Firefox yesterday. The reason however wasn’t security it was ‘instability’. It’s a fair move by Mozilla though as the add-on can cause security vulnerabilities in Firefox outside of their control. They can’t fix the software, so the best thing they can […]
Mozilla Denies Firefox 3.5 Bug Is Exploitable
Views: 8,292 [ad] Ah a bug in our beloved Firefox, after the latest 3.5 update (which sees some definite improvements). The last one I recall was the Clickjacking Vulnerability, which also effected Chrome. It seems like it’s not too serious of an issue and will only cause crashing, there’s no room for remote exploitation or […]