Computer users who have not upgraded to the latest version of Mozilla's Firefox browser may now have an extra incentive to do, thanks to a hacker going by the name of Aviv Raff.
"I think it's been enough time for people to upgrade from v1.0.4. of Firefox. So, here is the PoC [proof of concept] exploit for the ... vulnerability," he wrote on his blog.
The bug was fixed in Mozilla version 1.0.5, which was released last July, and has also been fixed in version 1.7.9 of the Mozilla Suite, said Mike Schroepfer, vice president of engineering with Mozilla. "As long as users keep updated to the latest version, they're, in general, very safe."
In some ways, this latest exploit is similar to highly publicized attack code that has been circulating for Microsoft's Internet Explorer (IE) browser, said Russ Cooper, editor of the NTBugtraq newslist and a scientist with security vendor Cybertrust Inc. "It can install and run code of the attacker's choice if a victim visits a malicious Web site," he said in an interview via instant message.
Users who are not already in the habit of frequently updating their browsers should change their ways, because browsers are "historically broken," Cooper said. "That means they have vulnerabilities regularly," he added. "You should keep them updated within 30 days of patches being made available, regardless of what the patch is for."