Confirmation of Vulnerability of Mozilla Firefox 3.5
Mozilla has officially confirmed a vulnerability in Firefox 3.5. They suspect that the bug could be used to seize the system of a user running Mozilla’s most recently launched browser.
Some have noted that the hacker may have discovered the weakness by finding its source through Mozilla’s change- and bug-tracking database and information system (aptly named ‘Bugzilla’), and then posted the exploit code publicly online.
The internet hacker who recently published the exploit code on milw0rm.com was not the first to discover the vulnerability. In fact, developers from Mozilla had already come across it less than a week before the exploit code was published and were already developing a solution for it.
Andreas Gal, project scientist at the University of California at Irvine, contends that, upon close inspection of previous test cases and the exploit code, this bug was a self-inflicted one and that, in retrospect, Mozilla should have dealt with it earlier on. The development of the TraceMonkey engine is founded on the sharing of open source code for the “trace trees” technique used in a project called Tamarin Tracing. Others agree that Bugzilla was built on the test cases of the same bug, and that the debugger’s crash details from testing made it clear that the code could be easily detected and exploited.
As of July 2009, a fast-track update for Firefox 3.5 is scheduled for release before the end of the month. According to Daniel Veditz, Mozilla’s security lead, the update is being prioritized and had been in the works even before the posting on milw0rm. Although the update was originally scheduled for the end of July, the problem has caused them to release it ahead of schedule, a short time after Firefox 3.5’s recent launch on June 30, 2009.