It seems like Internet Explorer has been given a lot of heat lately with a rash of 0day vulnerabilities, and if you do use IE then do yourself a favor and visit ZERT, but has the time come for Firefox to shine as well? If you take a brief look at the list of publicly known vulnerabilities in Firefox it should come as no surprise that there will naturally be a slew of undisclosed vulnerabilities as well.

At the ToorCon 2006 conference, Mischa Spiegelmock and Andrew Wbeelsoi made a point out of demonstrating a live exploit running in Firefox 1.5.0.7. Their main motivation was appareantly to create bot networks for their personal use, or in their own words - “communication networks for black hats”.
(more…)