Critical Vulnerability in Firefox Browser CVE-2010-3765
Yesterday we received reports about a critical vulnerability in the Firefox browser that has been detected in the wild. According to the reports, this flaw can potentially allow an attacker to run arbitrary code on the user's machine through the browser without user interaction - a classic drive-by vulnerability. Our customers are protected from this latest vulnerability by ACE, our Advanced Classification Engine.
The vulnerability was discovered when the Nobel Peace Prize web site was compromised. The attacker used multiple iframe redirections on the same compromised site, with the last link in the chain pointing to a dynamic DNS provider to reach the malicious page.
The Mozilla community also confirmed the vulnerability in a blog post, where they state that they are investigating the issue and working on a fix.
Websense Security Labs are currently investigating the vulnerability in detail. Initial analysis shows that the attacker references an object in the web page that has been removed, leaving the reference pointing to invalid memory. The malicious code uses a heap spray technique to exploit the vulnerability and run arbitrary code on the user's computer. In addition, part of the exploit code checks the version of the browser and the operating system, and constructs the shellcode accordingly to initiate a successful exploit.
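The iframe redirection chain described above, as an added detection example that is not part of the original post or Websense's own code: a Python check that walks iframe references from a landing page, follows hops that stay on the same site, and reports chains that end on a dynamic DNS host. The page bodies, host names and the dyn.example suffix are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed placeholder zone; substitute a maintained list of dynamic DNS suffixes.
DYNDNS_SUFFIXES = {"dyn.example"}

# Constructed page bodies standing in for crawler or proxy captures.
PAGES = {
    "http://site.example/": '<body><iframe src="/a.html" width="0" height="0"></iframe></body>',
    "http://site.example/a.html": '<iframe src="b.html"></iframe>',
    "http://site.example/b.html": '<IFRAME SRC="http://host1.dyn.example/x"></IFRAME>',
    "http://site.example/about.html": '<iframe src="http://video.example/embed"></iframe>',
}

class IframeCollector(HTMLParser):
    """Collects the src attribute of every iframe tag in a document."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "iframe" and src:
            self.srcs.append(src)

def iframe_targets(url, html):
    parser = IframeCollector()
    parser.feed(html)
    return [urljoin(url, src) for src in parser.srcs]  # resolve relative references

def is_dyndns(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)

def find_chains(start, pages, max_depth=5):
    """Return iframe chains that stay on the start site and end on a dynamic DNS host."""
    site, hits = urlparse(start).hostname, []

    def walk(url, chain):
        for target in iframe_targets(url, pages.get(url, "")):
            host = urlparse(target).hostname
            if is_dyndns(host):
                hits.append(chain + [target])
            elif host == site and target not in chain and len(chain) < max_depth:
                walk(target, chain + [target])

    walk(start, [start])
    return hits
```

A chain with several same-site hops before the external host matches the pattern in this incident more closely than a single direct embed, so the length of each returned chain is worth scoring as well.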