New Exploit: Critical JavaScript vulnerability in Firefox 3.5

This issue has been solved. See solution.
Abhishek Pradhan's picture

Anyone in Symantec want to throw any light on this? Has this issue been addressed in any of the latest RR's, or any new IPS Signatures?

http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/

Cycletech's picture

I am looking into this with

I am looking into this with our engineers. I will update here when i have information.

Thomas

Cycletech's picture

We have an IPS signature in

We have an IPS signature in the pipeline, and an AV sig in the field already.

Abhishek Pradhan's picture

Ok. Just checked this out.

Solution

Ok. Just checked this out. It's been addressed in the latest IPS siggys released on the 15th of July. :)

I was more seo concerned with the IPS signatures and not AV, as the AV component cannot detect an RPC attack / remote exploit over RPC.

This has been addressed.

Thanks Thomas & Delifeath for your inputs.

Abhishek Pradhan, MCT, PMP
ISMS Internal Auditor (ISO 27001), SIG Lead - Microsoft Pune User Group
http://hackatac.blogspot.com | http://www.puneusergroup.org
"You can always spot a happy biker by the bugs in his teeth....."

delifeath's picture

Where can we check to see

Where can we check to see what is updated in the IPS signatures as opposed to AV?  Thank you.

Sutton