Norman is currently warning about a new Firefox 0day discovered on the Nobel Peace Prize site. I don’t have much more information than that, mostly because all the “here’s the exploit details” links just talk about the delivered payload and not about this nifty Firefox 0day.
They “recommend all Internet users be cautious when surfing the net.” Really? So browsing the Nobel Peace Prize site on Tuesday would be ok if done…cautiously? Maybe click slower? Meh…this sort of advice does no one any good. Unfortunately, without knowing about this 0day, there’s not much to say other than don’t run scripts and, for home-bound geeks, watch your outbound traffic for strange things (like connections to Taiwan). For enterprise geeks, maybe inspect DNS requests for the flagged destinations and/or poke your IDS/IPS sigs. Hell, just blackhole or egress-block those destinations. Still, these are containment/detection tips…again none of which helps prevent the Firefox 0day.
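The DNS inspection mentioned above could look like the following sketch, which is an added example and not part of the original post. It assumes dnsmasq-style query logs; the flagged domain names are placeholders because the post does not list the actual destinations, and the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Placeholder names (assumption): the post does not list the flagged destinations.
FLAGGED = {"flagged-destination.example", "payload-host.example"}

# dnsmasq-style query line, as written when query logging is enabled.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[^\]]+)\]\s+(?P<qname>\S+)\s+from\s+(?P<client>\S+)")

# Constructed sample input, not taken from a real incident.
SAMPLE_LOG = """\
Oct 26 09:14:02 dnsmasq[811]: query[A] www.example.org from 10.0.0.21
Oct 26 09:14:05 dnsmasq[811]: query[A] cdn.Flagged-Destination.example. from 10.0.0.34
Oct 26 09:14:06 dnsmasq[811]: query[AAAA] notflagged-destination.example from 10.0.0.21
Oct 26 09:14:09 dnsmasq[811]: query[A] payload-host.example from 10.0.0.34
Oct 26 09:14:11 dnsmasq[811]: reply www.example.org is 192.0.2.10
""".splitlines()


def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def flagged_parent(qname, flagged=FLAGGED):
    """Return the flagged domain that qname equals or sits under, else None.

    Matching walks whole labels, so 'notflagged-destination.example'
    does not match 'flagged-destination.example'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in flagged:
            return candidate
    return None


def scan(lines, flagged=FLAGGED):
    """Map each client address to its queries for flagged destinations."""
    hits = defaultdict(list)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # replies, forwards and other non-query lines
        parent = flagged_parent(m.group("qname"), flagged)
        if parent:
            hits[m.group("client")].append(
                (m.group("qtype"), normalize(m.group("qname")), parent))
    return dict(hits)


if __name__ == "__main__":
    for client, queries in scan(SAMPLE_LOG).items():
        print(client, queries)
```

A client that shows up in the result has already resolved a flagged name, so it is a containment lead rather than a prevented infection.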
weird that norman, known for their sandboxing technology, wouldn’t tell people to use their browser in a sandbox – but i guess that’s because norman’s sandbox isn’t that sort of sandbox.
an application sandbox would be my go-to suggestion for this sort of threat, however. and since you never know when there are or aren’t as yet undiscovered 0days out there it’s probably best to always use your browser (and any other internet-facing app) from a sandbox.