First zero day exploit hits Firefox 3.6

Security specialists from Russia have made a Windows exploit for a previously unknown security hole in Mozilla's Firefox 3.6 available to the public. The exploit allows attackers to remotely gain control of your Windows machine. Developer Evgeny Legerov praises his exploit for Windows XP (SP3) and Vista as being reliable, however that doesn't necessarily mean that Firefox on other platforms is not affected.

The hole is likely to be still open since no updates have been released since the exploit became public. Secunia rates the problem as highly critical, however the Mozilla Foundation has yet to release an official statement - and patch.

Whether the exploit has already been widely circulated or used on a large scale remains unknown. The H is reporting that according to the analysis on the Extraexploit blog, a significant increase in the number of Firefox 3.6 crashes was noted on the 12th and 13th of February, but no-one can really say if this is related to the exploit or not.

Make sure to check for Firefox updates more often since the built-in update checker is very dull. Users with older versions of the Mozilla browser may update to Firefox 3.0.18 and Firefox 3.5.8.
[Via downloadsquad]