Slashdot Mirror


New Firefox Vulnerability Revealed

Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).

Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.

4 of 250 comments (clear)

  1. NICE TROLL BUDDY by Anonymous Coward · · Score: -1, Flamebait

    Except in this case, NoScript still provides a small barrier unless you whitelisted every website.

    Firefox isn't perfect but at least it's not a horribly-slow-to-fix pile of garbage like IE.

    But you're also right: Unknown exploits and flaws are potentially harmful no matter which software you use. Thanks for the warning.

  2. Re:Turn off javascript... by Anonymous Coward · · Score: 0, Flamebait

    Whereas entitlement mentality regarding access to other people's content is fair game, right?

  3. Re:Turn off javascript... by atraintocry · · Score: 0, Flamebait

    But the 95% percent of people with functioning browsers might appreciate those features, so why do the people stuck in 1996 get to dictate what's useful and what's not?

    unless there is a compelling requirement to do so

    Everyone has JS. There's no reason to have to justify it's use anymore. It's there, it can be used.

  4. Re:Turn off javascript... by Anonymous Coward · · Score: -1, Flamebait

    nobody gives a fuck about what you think