Slashdot Mirror


New Firefox Vulnerability Revealed

Not long after Firefox 3.5.1 was released to address a security issue, a new vulnerability has been reported and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable JavaScript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).

Update: 07/20 00:09 GMT by KD: An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.


  1. Unbounded by Mikkeles · · Score: 5, Funny

    So who's the moron using unbounded buffers?

    --
    Great minds think alike; fools seldom differ.
    1. Re:Unbounded by maxume · · Score: 5, Informative

      This is another, different bug than the one talked about in the first link. None of the other links specify whether this second bug is from the JIT or not.

      --
      Nerd rage is the funniest rage.
    2. Re:Unbounded by EsbenMoseHansen · · Score: 5, Funny

      What are six words you never, ever want to hear?

      "I have a headache tonight, dear"

      --
      Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    3. Re:Unbounded by FatdogHaiku · · Score: 5, Funny

      Ladies and Gentlemen, President Jeb Bush.

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  2. fix: by Anonymous Coward · · Score: 5, Funny

    document.write = function(){ alert("This website was designed by a fucking idiot."); };

    1. Re:fix: by nacturation · · Score: 5, Funny

      I tried this using greasemonkey and wanted to thank you for it, but I had to switch to Internet Explorer to post the reply as for some reason Slashdot started bringing up a million alert boxes.

      --
      Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
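The one-line override in comment 2 shadows document.write for every page, which is why the reply above saw Slashdot break. Below is an added example (not from this thread, not Mozilla code) of the same user-script idea done so that ordinary pages keep working: it wraps document.write and document.writeln and refuses only a single call whose combined argument length exceeds a threshold, which matches the "overly long string of Unicode data" trigger in the summary. The threshold MAX_WRITE_CHARS and the guardDocumentWrite/makeFakeDocument names are assumptions; the fake document is constructed here so the code runs outside a browser (in a Greasemonkey script you would pass the real window.document instead).

```javascript
// Added example: a size-limited wrapper around document.write / document.writeln.
// Not part of the original Slashdot post or of Firefox; the limit below is an
// assumed, arbitrary threshold, not a value taken from the advisory.
const MAX_WRITE_CHARS = 1 << 20; // 1 MiB of UTF-16 code units (assumed limit)

// Install the guard on a document-like object. Returns a stats object so the
// caller can see how many calls were passed through and how many were refused.
function guardDocumentWrite(doc, maxChars = MAX_WRITE_CHARS) {
  const stats = { allowed: 0, blocked: 0, maxChars };
  for (const name of ['write', 'writeln']) {
    const original = doc[name];
    if (typeof original !== 'function') continue;
    doc[name] = function guarded(...args) {
      // document.write concatenates all its arguments, so measure the total,
      // not each argument on its own.
      const total = args.reduce((n, a) => n + String(a).length, 0);
      if (total > maxChars) {
        stats.blocked += 1;
        throw new RangeError(
          `document.${name} refused: ${total} chars exceeds limit of ${maxChars}`
        );
      }
      stats.allowed += 1;
      return original.apply(doc, args);
    };
  }
  return stats;
}

// Constructed stand-in for a browser document so the example runs in Node.
// writeln is written independently of write so the guard counts each call once.
function makeFakeDocument() {
  const doc = { body: '' };
  doc.write = function (...parts) { doc.body += parts.map(String).join(''); };
  doc.writeln = function (...parts) { doc.body += parts.map(String).join('') + '\n'; };
  return doc;
}

// Exercise the guard: normal writes pass through, one oversized Unicode
// string (constructed input) is refused before it reaches the real write.
function demo() {
  const doc = makeFakeDocument();
  const stats = guardDocumentWrite(doc, 1000); // small limit for the demo
  doc.write('<p>', 'hello', '</p>');
  doc.writeln('ok');
  let refused = false;
  try {
    doc.write('\u0410'.repeat(5000)); // 5000 Cyrillic A's: over the limit
  } catch (e) {
    refused = e instanceof RangeError;
  }
  return { body: doc.body, allowed: stats.allowed, blocked: stats.blocked, refused };
}
```

Two caveats a practitioner should keep in mind: this only intercepts scripts that reach document.write through the property on the page's document object, so it is a stop-gap for trusted-but-vulnerable sites rather than a fix, and, per the update above, the underlying crash is a denial of service only, so the real remedy is the browser patch.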
  3. Re:You can't be serious! by BZ · · Score: 5, Informative

    It's not a buffer overflow. It's a missing OOM check leading to a non-exploitable (well, if your kernel is sane; some Linux versions are not) null-dereference crash.

    Note also that the article linked to is misreporting this in other ways as well; unfortunately I'm not at liberty to go into details on that yet. :(

  4. Firefox sucks by isa-kuruption · · Score: 5, Funny

    This is the reason why I avoid crappy software like Firefox and stick to MSIE! Firefox is riddled with bad, bloated code making it easily susceptible to these types of attacks. On top of that, the development model allows mistakes like this to get into the codebase without proper quality assurance.

    If I have to /sarcasm, I will kill you.

  5. Re:You can't be serious! by BZ · · Score: 5, Informative

    Ok, here's the full deal:

    1) The crash is not exploitable, for anyone who's been able to reproduce it so far.
    2) The crash is in system text-rendering libraries (which apparently don't check for out-of-memory much), not in Firefox code, for everyone who's been able to reproduce it so far.