Slashdot Mirror

← Back to Stories (view on slashdot.org)

Another Denial of Service Bug Found in Firefox 2

Posted by ryuzaki0 on from the be-more-secure dept.

An anonymous reader writes "A second security flaw that could cause the new Firefox 2 browser to crash has been publicly disclosed. The vulnerability lies in the way the open-source browser handles JavaScript code. Viewing a rigged Web page will cause the browser to exit, a representative for Mozilla, the publisher of the software, said Wednesday. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2, the representative said. This flaw in the JavaScript Range object is different than the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week. That bug is related to a more serious security hole, which was fixed in earlier versions of Firefox, the organization has said. The two 'crashers' are the only publicly released vulnerabilities that have been confirmed by Mozilla in the week since Firefox 2 was launched. The issues are only minor, the organization has said."

4 of 206 comments (clear)

  1. Old times by managementboy · · Score: 4, Insightful

    It used to be that if one an application crashed and it was called just that: it crashed. Today its a DOS attack! Imagine how many DOS my old Windows 3.11 had... come to think of it, it only had one DOS.

    We present "DOS reloaded"!

    1. Re:Old times by cperciva · · Score: 4, Insightful

      It used to be that if one an application crashed and it was called just that: it crashed. Today its a DOS attack!

      Not necessarily. Application-crashing bugs are Denial of Service bugs if they can be triggered remotely.

      There's a fundamental difference between "I can make my copy of FireFox crash" and "I can make your copy of FireFox crash".

      --
      Tarsnap: Online backups for the truly paranoid
    2. Re:Old times by jesser · · Score: 3, Insightful

      More to the point, there's a fundamental difference between "I can make your copy of Firefox crash when you visit my site" and "I can make your copy of Apache crash".

      Crash bugs in client software such as web browsers are "crashes", not "DoS vulnerabilities".

      --
      The shareholder is always right.
  2. Re:LOL IE Users! by Mikachu · · Score: 3, Insightful

    Except let's see how long it takes for the Firefox team to patch up these flaws as opposed to IE.