Adobe Systems yesterday patched three new vulnerabilities in Flash Player which are being used by hackers to attack Firefox users.
The vulnerabilities are being used by attackers to home in on zero-day vulnerabilities in the media player browser plug-in.
“Adobe is aware of reports that CVE (common vulnerability exposures)-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick users into clicking a link which directs to a Web site service malicious Flash content,” an advisory issued by the company said. “The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.”
The patched versions of Flash Player for Windows, Mac, and Linux can be downloaded from Adobe’s Web site.
The Networkworld.com report said Mozilla has not replied to questions about the attack which according to Adobe singles out Firefox.
In January Mozilla had taken steps secure Firefox. The company said it was automatically disabling all plug-ins in Firefox except for the latest version of Adobe’s Flash Player.
Mozilla said this was to safeguard users against drive-by attacks, which trigger exploits when victims visit a compromised Web site.
Since the attacks mentioned by Adobe involve unpatched flaws in the latest version of Flash Player, Mozilla’s maneuver might not have protected Firefox users.
Read the whole story here