Got NoScript? If not, get it: the latest Firefox bug, an XML tag remote memory corruption vulnerability released on Wednesday, is mitigated by having the NoScript add-on installed.
The bug can be exploited by a malicious website and can cause the browser to execute malware with no user intervention. All 3.0.x versions of Firefox running on Windows, Mac, and Linux operating systems are vulnerable. According to the Mozilla Wiki, the patched version, Firefox 3.0.8, “…is a high-priority firedrill security update to Firefox 3.0.x” and will be rolled out April 1.
The 3.0.8 release also fixes the Pwn2Own bug discovered at CanSecWest 2009, an issue that NoScript also mitigates.
I’ve said it before (see “Software for Secure Computing: Firefox & NoScript”); now’s a good time to say it again: install NoScript, and enjoy secure computing.
SecurityFocus bulletin: http://www.securityfocus.com/bid/34235/info.
The Register article: http://www.theregister.co.uk/2009/03/26/new_firefox_exploit/.
Mozilla Security Blog post: http://tinyurl.com/mozillasecurityblog