In association with heise online

19 July 2009, 14:40

Buffer overflow in Firefox 3.5.1 - Update


A security vulnerability in Firefox 3.5 that became known four days ago also affects the very recently released current version, Firefox 3.5.1. JavaScript code can be used to pass a long Unicode string to the document.write() method, which then causes a buffer overflow. This may allow an attacker to run arbitrary code. If that doesn't work, the browser will probably claim a large amount of memory, freeze, or crash.

SecurityFocus demonstrates this with a simple exploit. IBM Internet Security Services and the National Vulnerability Database also classify the vulnerability as critical. There's no protection against this security vulnerability at the moment, other than switching off JavaScript, which for most web users isn't very practicable.

Update - According to a posting on the Mozilla Security blog by Mike Shaver, Mozilla VP Engineering, the issue is not exploitable. Shaver says that on Windows, the overflow is caught as an exception and Firefox is safely terminated, while on the Mac, the crash occurs within an Apple library. Mozilla believes the reports are in error and disagrees with the severity rating. However, an update to the Mozilla posting adds that an actual crash on Windows has been reported in the comments.
