Firefox exploit in action?

Earlier this week, I blogged about a site doing a bunch of different exploits, depending on what you are running.

One of the things the site will do is detect if you have Firefox, and attempt to exploit it, using the InstallVersion.compareTo() vulnerability.

There are actually a number of sites running this exploit, and one of our researchers, Adam Thomas, was kind enough to take some pictures. Going to a site with an older version of Firefox got him just a bucket-load of spyware. Sunbelt BLOG: wanna see a Firefox exploit in action?

Linked by shanmuga Friday, 28th April 2006 12:28AM