Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox news

Published: 2010-10-26
Last Updated: 2010-10-26 19:02:22 UTC
by Pedro Bueno (Version: 1)
6 comment(s)


So, this is not a marketing or just news about Firefox. :)
The reason for this post is that Firefox is the subject of two quite interesting security related news.

Starting on the first one.
There is a 0day vulnerability for Firefox, including the latest version. This vulnerability is already being exploited, so beware...

The good thing is that Mozilla is quite fast on those and already confirmed the issue and is working to get it fixed.

The second one is related to an Firefox extension released yesterday. It is called Firesheep.

In summary, it is an addon that will make it really easy to basically anyone hack accounts by sniffing traffic on public hotspots, such as airports, coffee shops,etc...
Hacking accounts by sniffing traffic on unsecured wifi networks is not really difficult, but until now, you would need some additional steps to accomplish it, but with Firesheep it is all there for you...really recommend a check on it.

PCWorld has a good write up on it.

Thanks for the readers that pointed that out.

----------------------------------------------------------------------------------------------------

Pedro Bueno (pbueno /%%/ isc. sans. org)

Twitter: http://twitter.com/besecure

Keywords: 0day firefox hack wifi
6 comment(s)
Diary Archives