CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

Mozilla: Bug in Firefox 3.5.1 isn't exploitable.   Logged in as: Guest
Viewers: 1136 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Software News >> Mozilla: Bug in Firefox 3.5.1 isn't exploitable. Page: [1]
Login
Message << Older Topic   Newer Topic >>
Mozilla: Bug in Firefox 3.5.1 isn't exploitable. - 7/20/2009 7:16:50 AM   
astra

 

Posts: 462
Joined: 4/1/2009
Status: offline
A bug discovered in the latest version of Firefox is not exploitable, Mozilla said on Sunday, responding to reports of another vulnerability in the browser.

Mozilla released Firefox 3.5.1,, the latest version of the browser, last Thursday. The release fixed several recently discovered security holes in version 3.5, which came out in June.

Among the security holes that were closed was a critical vulnerability that allowed an attacker to install and run code on a PC without any interaction from the victim.

On Friday, reports began to emerge of a stack-based buffer overflow vulnerability in Firefox 3.5.1 that could be used to gain access to a computer or launch a distributed denial of service attack. But after examining the reported vulnerability, Mozilla said that's not the case.

"The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability," wrote Mike Shaver, Mozilla's vice president of engineering, in a blog post on Sunday.

The bug causes Firefox 3.5 and Firefox 3.5.1 to crash on a Windows PC, but does not give an attacker access to the PC, Shaver said, calling the crash "safe and immediate."

The bug can also cause Firefox 3.0 and 3.5 to crash on Apple computers.

"A crash occurs inside the ATSUI system library (part of OS X), due to what appears to be a failure to check allocation results," Shaver said, adding the same issue could affect other applications using text-handling libraries in MacOS X. "We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code."

http://www.computerworlduk.com/

Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Software News >> Mozilla: Bug in Firefox 3.5.1 isn't exploitable. Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.031