Norman Warns Concerning New Vulnerability in Firefox Browser

Oct 26, 2010, 10:35 ET from Norman ASA

FAIRFAX, Va., Oct. 26 /PRNewswire/ -- Norman ASA, a leading security company offering  products protecting government and enterprise networks and consumer desktops, today announced that its researchers have identified new Trojan malware that infected the Nobel Peace Prize site early Tuesday. The new Trojan was transmitted through a vulnerability in Firefox version 3.5 and 3.6.

The Norman Malware Detection Team in Oslo found that the attack was enabled by a zero-day vulnerability in the popular Firefox web browser and recommend all Internet users be cautious when surfing the net.  If a user visited the Nobel Prize site while the attack was active early Tuesday using Firefox 3.5 or 3.6, the malware might be installed on the user's computer without warning.

The malware would then attempt to connect to two Internet addresses, both which point to a server in Taiwan. If the connection was successful, the attacker would have access to the infected computer. This Trojan could be active on other websites.

All Norman antimalware solutions for consumers, the enterprise and government users have detection for this Trojan and any attempt at infection will be blocked.

More information about this exploit is available at:

A Trojan is malicious software (malware) that does unwanted actions - for example, it allows unauthorized access to a user's computer, most often to steal secrets such as passwords and financial information.  Mozilla Firefox is an open source web browser and is believed to be the second most widely used browser in the world.  A zero-day attack is a threat that tries to exploit Internet or computer software vulnerabilities while no patch or remedy is available.

About Norman ASA

Founded in Norway in 1984, Norman ASA is a global leader and pioneer in proactive content security solutions and forensics malware tools. Norman's proactive antimalware solutions, including malware analysis tools, network security and endpoint protection, are powered by patented Norman SandBox® technology and used by security solutions providers around the world.

Norman's unified core antimalware protection for clients, servers and network security are delivered as products and services designed to protect business communications and resources, including corporate and government networks and applications, remote employees, branch offices and extranets. Norman's solutions are available through Norman subsidiaries and a network of global partners. For more information, visit

For additional information:

John Callahan  

Norman ASA