Slashdot Mirror
New Firefox Vulnerability Revealed
Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).
Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.
Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.
Whereas entitlement mentality regarding access to other people's content is fair game, right?
But the 95% percent of people with functioning browsers might appreciate those features, so why do the people stuck in 1996 get to dictate what's useful and what's not?
unless there is a compelling requirement to do so
Everyone has JS. There's no reason to have to justify it's use anymore. It's there, it can be used.