The Tech Herald

New vulnerability discovered for Firefox 3.5.1 (Update)

by Steve Ragan - Jul 18 2009, 18:30

Update:

Mozilla says that the reports from SANS and IBM are incorrect. Based on internal testing, the vulnerability is not exploitable.

"In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability," wrote Mike Shaver on the Mozilla Security Blog.

"As a result of our analysis, we do not believe that this represents an exploitable vulnerability in Firefox. Further, we believe that the IBM report is in error, and that the severity rating in the National Vulnerability Database report is incorrect. We have contacted them and hope to resolve the inaccuracies shortly."

Original Article:

On Thursday or early Friday, depending on how you look at it, Mozilla released Firefox 3.5.1 to address a vulnerability in the Just-in-Time (JIT) compiler. Now there are confirmed reports of a second vulnerability, with exploit code already published, that affects Firefox 3.5.1; other versions could be vulnerable as well.

The vulnerability was reported to SecurityFocus (BID 35707) on July 15. This morning, a report from SANS Internet Storm Center, followed by an IBM ISS X-Force alert, confirmed that the vulnerability is present in Firefox 3.5.1.

The vulnerability is a remote stack-based buffer overflow, triggered by passing an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or, if exploit attempts fail, to a denial-of-service condition (a browser crash). Proof-of-concept code for the flaw has been published.

According to several sources, there is no patch at this time for the vulnerability. In addition, this vulnerability was discovered by the same person who published details on the previously patched flaw.

According to a comment on SANS ISC, eEye has said that in this case NoScript might not help. "Note: Although Javascript access can be restricted with applications such as the NoScript Add-On, it may still be possible for the browser to be exploited if an untrusted website is loaded (with/without the consent of the user, for example, via XSS or compromised-whitelisted website)."

If Mozilla issues a comment or if there is more information to report, we will update this story.
