Firefox 3.5.1 vulnerability

  • ATNO/TW
  • Super Moderator
  • Joined: May 28, 2003
  • Posts: 23403
  • Loc: Woodbridge VA
  • Status: Offline

Post July 20th, 2009, 6:21 am

From Slashdot
Quote:
Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).
  • spork
  • Brewmaster
  • Silver Member
  • Joined: Sep 22, 2003
  • Posts: 6128
  • Loc: Seattle, WA
  • Status: Offline

Post July 20th, 2009, 9:38 am

Quote:
The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method.

Honestly, at this point you'd think that buffer-overrun vulnerabilities would be obsolete in software. *sigh*
  • levian
  • Born
  • Joined: Jul 20, 2009
  • Posts: 3
  • Status: Offline

Post July 20th, 2009, 10:35 pm

No wonder my FF has hung quite a few times already
since it was upgraded this morning.
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • Joined: Jul 25, 2005
  • Posts: 2735
  • Loc: Nashville, TN
  • Status: Offline

Post July 21st, 2009, 4:39 am

levian wrote:
No wonder my FF has hung quite a few times already
since it was upgraded this morning.


Doubtful that this overrun is the cause unless you visit exploitive sites quite often.

© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.