Firefox Password Manager Implementation Vulnerability

We have been focusing primarily on Internet Explorer vulnerabilities and detecting exploits against IE. One of the questions I sometimes get when I give talks is 'Why are you picking on IE?'. Well, it's not that we're picking on IE, it's that IE has the largest user base in the browser market, and as such, attackers see more potential in writing IE exploits.

That does not mean there will be no Firefox exploits. Firefox has its share of vulnerabilities as well. For example, this one was posted on Slashdot last week. The links on Slashdot explain the vulnerability very well, so I won't rehash it here. However, I will note that one of the modules we support in the HoneyClient architecture is Firefox. From the beginning, we were interested in not only finding 0-day exploits against IE, but also against Firefox.

We're currently in the process of gathering data with our IE module and the Firefox module, and we're looking forward to sharing information about new exploits we find using both the IE and Firefox modules.