New Firefox Vulnerability Revealed
Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).
Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.
Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.
Except in this case, NoScript still provides a small barrier unless you whitelisted every website.
Firefox isn't perfect but at least it's not a horribly-slow-to-fix pile of garbage like IE.
But you're also right: Unknown exploits and flaws are potentially harmful no matter which software you use. Thanks for the warning.
Whereas entitlement mentality regarding access to other people's content is fair game, right?
But the 95% percent of people with functioning browsers might appreciate those features, so why do the people stuck in 1996 get to dictate what's useful and what's not?
unless there is a compelling requirement to do so
Everyone has JS. There's no reason to have to justify it's use anymore. It's there, it can be used.
nobody gives a fuck about what you think