WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
It's not rare when a flaw disables Microsoft Internet Explorer (IE), but it is rare when the same flaw affects the alternatives.
That's the unfortunate case with a new bug that targets the Mozilla Browser, Mozilla Firefox, Opera and Apple Safari. It causes them to crash and could potentially form the basis of an exploit that would affect virtually all major browsers.
At present there are no confirmed exploits in the wild that expand the vulnerability to execute malicious code, though that may only be a matter of time.
Independent security researcher Berend-Jan Wever is credited with discovering the flaw. Though the flaw was just disclosed on security mailing lists, Wever has been aware of the flaw for some time and like many researchers had begun his efforts with a focus on IE.
The actual code required to crash the browsers has been publicly disclosed by Wever and contains only four lines of code.
Wever came under some fire from other members of the security community on various security mailing lists for disclosing the vulnerability, as well as his previous disclosures regarding the IFRAME vulnerability. In a public post, Wever defended his disclosure and reminded the community that other less scrupulous individuals exist that find vulnerabilities and exploit them for greater profit.
"What if I was without integrity, as some people would have it, and would write a worm exploiting some (or all) of the bugs I had found over the years?" Wever wrote.
Bug entries have been posted to Mozilla's Bugzilla reporting system, but at press time, Mozilla, Microsoft, Apple and Opera had not posted any patches for the flaw.