0-Day Bug in Firefox 3.5 & 3.6 – Update Now!
The former differs from one version of the browser to another and is aimed at triggering the exception in the browser, while the latter is identical for every version of the browser and will execute the malicious file. If the user reaches the compromised page using a different browser or a Firefox version that is not vulnerable, the script will redirect the user to an about:blank page.
Successful exploitation will download a file called svchost.txt, an infected binary file that will subsequently be renamed to svchost.exe and executed on the victim's computer. This specific piece of malware is detected as Backdoor.Belmoo.A and allows a remote attacker to take control of the infected system.
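As an added example (not part of the original article or of BitDefender's analysis), the following detection logic correlates the chain described above: a PE binary written under a non-executable extension, renamed, then started as a process. The event field names, the Temp path and the sample events are assumptions constructed for illustration and do not follow any particular EDR schema.

```python
import ntpath
import struct

EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}

def looks_like_pe(head: bytes) -> bool:
    """True if the bytes start with a DOS 'MZ' header pointing at a PE signature."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)  # offset of the PE header
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def find_masqueraded_drops(events):
    """Return (written_as, executed_as) for PE files written under a
    non-executable extension, then renamed and started as a process."""
    suspect = {}  # current path, lowercased -> path it was first written as
    alerts = []
    for ev in events:
        if ev["type"] == "file_write":
            ext = ntpath.splitext(ev["path"])[1].lower()
            if ext not in EXEC_EXTS and looks_like_pe(ev["head"]):
                suspect[ev["path"].lower()] = ev["path"]
        elif ev["type"] == "file_rename" and ev["old"].lower() in suspect:
            suspect[ev["new"].lower()] = suspect.pop(ev["old"].lower())
        elif ev["type"] == "process_start" and ev["image"].lower() in suspect:
            alerts.append((suspect[ev["image"].lower()], ev["image"]))
    return alerts

# Constructed sample data: a minimal fake PE header and hypothetical paths.
FAKE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
TEMP = "C:\\Users\\demo\\AppData\\Local\\Temp\\"
SAMPLE_EVENTS = [
    {"type": "file_write", "path": TEMP + "svchost.txt", "head": FAKE_PE},
    {"type": "file_write", "path": TEMP + "notes.txt", "head": b"plain text"},
    {"type": "file_rename", "old": TEMP + "svchost.txt", "new": TEMP + "svchost.exe"},
    {"type": "process_start", "image": TEMP + "svchost.exe"},
    {"type": "process_start", "image": "C:\\Windows\\System32\\svchost.exe"},
]

if __name__ == "__main__":
    for written, executed in find_masqueraded_drops(SAMPLE_EVENTS):
        print(f"ALERT: PE written as {written} was executed as {executed}")
```

The legitimate System32 svchost.exe in the sample is not flagged, because the rule keys on the file's write and rename history rather than on its name.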
BitDefender users have been protected since the emergence of the new exploit (detected as Exploit.CVE-2010-3765.A), which means that the antivirus blocks access to the malformed web page before it gets to execute any code.
Firefox has also issued an update from 3.6.11 to 3.6.12, which is no longer vulnerable to this type of exploit. To stay safe, you are advised to update your browser and your local antivirus solution.
Technical analysis of the exploit file available courtesy of BitDefender Malware Researcher Octav Minea.