Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Firefox Vulnerability Revealed

Posted by Soulskill on from the whack-a-fox dept.

Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).

Update: 07/20 00:09 GMT by KD : An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.

5 of 250 comments (clear)

  1. Re:Defective by design by TheRaven64 · · Score: 4, Interesting

    Is this a new copy-and-paste troll? Almost the same post appeared in the Linux kernel exploit article. Apparently some people missed the Defective by Design campaign and are completely unaware that it relates to DRM, not to arbitrary bugs.

    --
    I am TheRaven on Soylent News
  2. Re:Unbounded by nathan.fulton · · Score: 3, Interesting

    Well, seeing as the bug was found in the Just-in-Time compiler (first link), probably someone who is concerned that the section of the code that they are working on will become a bottle neck, or someone that has to do special stuff that requires unbounded buffers.

  3. automate protection by Anonymous Coward · · Score: 4, Interesting

    These recurring requests to turn off something are getting annoying. Why not automate the process? Set up a page somewhere like
    www.mozilla.com/firefox/3.5.1/current-safety.txt

    which would list something like
    javascript: unsafe
    java: safe
    flash: safe

    Then by default your browser would fetch that file and automatically implement Mozilla's recommendation of the day.

  4. Re:That's notthe first time by ciroknight · · Score: 3, Interesting

    Fix once, fix forever

    The bug is in the Just-in-Time compiler inside of SpiderMonkey (TraceMonkey). This is brand new code as of 3.5.x. Of course there will be a ton of bugs found in it (just like the ton of bugs that have cropped up in SquirrelFish and have been subsequently patched).

    I have to wonder why it's taken so long for anybody's security team to look at this code though. You'd think they'd look at this code before release and not after.

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
  5. Re:Turn off javascript... by Just+Some+Guy · · Score: 4, Interesting

    Wouldn't avoiding javascript make webpages smaller & therefore load faster?

    Nope. To the contrary, a well-designed AJAX page that dynamically reloads sections instead of the entire page can potentially be much faster. Take the example of registering for a site account. Old way:

    1. User enters a username, submits the form.
    2. That username is taken, so the server sends back the whole page plus the error message.

    New way:

    1. User enters a username, clicks or tabs to the next field.
    2. Their browser sends a validation request via AJAX.
    3. That username is taken, so the server sends back the error message.
    4. The client displays the error message and returns focus to the username field.

    Alternatively, look at Slashdot itself. Yeah, it has its issues, but I have to say that I love the dynamic content loading. That's so much better (and easier on bandwidth!) than having to load a whole page just to expose a collapsed comment.

    --
    Dewey, what part of this looks like authorities should be involved?