0-day bug detected in Firefox 3.5 & 3.6
When the malicious page is visited, its JavaScript code checks both the operating system and the browser version, then populates a specific area of memory with two distinct payloads.
The former differs from one version of the browser to another and is aimed at triggering the exception in the browser, while the latter is identical for every version of the browser and executes the malicious file. If the user reaches the compromised page using a different browser or a Firefox version that is not vulnerable, the script redirects the user to an about:blank page.
Successful exploitation downloads a file called svchost.txt, an infected binary file that is subsequently renamed to svchost.exe and executed on the victim's computer. This specific piece of malware is detected as Backdoor.Belmoo.A, and allows a remote attacker to take control of the infected system.
Firefox has also issued an update from 3.6.11 to 3.6.12, which is no longer vulnerable to this type of exploit. In order to stay safe, you are advised to update your browser and your local antivirus solution. BitDefender antivirus blocks access to the malformed web page before it gets to execute any code.
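A defender-side triage sketch for the behaviour described above (svchost.txt fetched, renamed to svchost.exe, then run). It is an added example, not code from the article or from BitDefender. The event records, field names, hosts and paths are constructed, and a Windows install on C:\Windows is assumed.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows; the genuine svchost.exe
# lives only in these directories (compared lower-cased).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample events; the field names are hypothetical stand-ins for
# whatever the proxy or endpoint agent exports.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "http", "url": "http://example.invalid/svchost.txt"},
    {"host": "ws01", "type": "rename", "old": r"C:\Users\a\AppData\Local\Temp\svchost.txt",
     "new": r"C:\Users\a\AppData\Local\Temp\svchost.exe"},
    {"host": "ws01", "type": "process", "image": r"C:\Users\a\AppData\Local\Temp\svchost.exe",
     "parent": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"host": "ws02", "type": "process", "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe"},
    {"host": "ws03", "type": "http", "url": "http://example.invalid/readme.txt"},
]

def indicators(event):
    """Return the set of indicator names matched by a single event."""
    hits = set()
    if event["type"] == "http":
        if event["url"].lower().split("?")[0].endswith("/svchost.txt"):
            hits.add("svchost.txt fetched")
    elif event["type"] == "rename":
        old, new = (ntpath.basename(event[k]).lower() for k in ("old", "new"))
        if old == "svchost.txt" and new == "svchost.exe":
            hits.add("svchost.txt renamed to svchost.exe")
    elif event["type"] == "process":
        directory, name = ntpath.split(event["image"].lower())
        if name == "svchost.exe":
            if directory not in LEGIT_DIRS:
                hits.add("svchost.exe outside system directory")
            if ntpath.basename(event["parent"]).lower() == "firefox.exe":
                hits.add("svchost.exe spawned by firefox.exe")
    return hits

def triage(events):
    """Collect indicators per host; more distinct indicators, higher priority."""
    per_host = {}
    for ev in events:
        found = indicators(ev)
        if found:
            per_host.setdefault(ev["host"], set()).update(found)
    return per_host

if __name__ == "__main__":
    for host, found in triage(SAMPLE_EVENTS).items():
        print(host, sorted(found))
```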