Peaches Posted July 20, 2009 Report Share Posted July 20, 2009 Buffer overflow in Firefox 3.5.1 A security vulnerability in Firefox 3.5 that became known four days ago also affects the, very recently released, current version 3.5.1 of Firefox. A JavaScript may be employed to pass a long Unicode string to the document.write() method, which then causes a buffer overflow. This may allow an attacker to run arbitrary code. If that doesn't work, the browser will probably claim a large amount of memory, freeze, or crash.SecurityFocus demonstrates this with a simple exploit. IBM Internet Security Services and the National Vulnerability Database also classify the vulnerability as critical. There's no protection against this security vulnerability at the moment, other than switching off JavaScript, which for most web users isn't very practicable.See also:Corrupt JIT state after deep return from native function, security advisory from Mozilla.Mozilla confirms critical vulnerability in Firefox 3.5, a report from The H.Slow Firefox 3.5 start up time, a report from The H.First Zero Day Exploit for Firefox 3.5, a report from The H.Heise security - http://www.h-online.com/security/Buffer-ov...1--/news/113792>>>>>>>>>>>>>>>> Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.