The two pieces of exploit code, posted online earlier this week, take advantage of a security vulnerability in Firefox that Mozilla upgraded the severity rating of the flaw from "moderate" to "critical," its most serious rating.. In response to the exploit release, the browser maker on Tuesday
"This exploit was published after we released the 22.214.171.124 update," said Mike Schroepfer, vice president of engineering at Mozilla. "Most of our users had already been upgraded by the time this exploit was published."
The code could be used to commandeer computers running a vulnerable version of the open-source Web browser on Linux or Mac OS X systems. It has been published as part of the Metasploit Framework, a .
The specific flaw exists only in Mozilla advisory. The corruption would come from calling the "QueryInterface" method of the Location and Navigator objects in the browser.and was fixed in Firefox 126.96.36.199. The problem could cause a memory corruption an outsider could use to run code on a vulnerable PC, according to a
Firefox users have already been urged to install the patched version of the browser. Security monitoring company Secunia last week rated the Firefox update "highly critical," and Mozilla has pushed out updates.
If for some reason users have not upgraded, they should definitely do so, Schroepfer said.