New Vulnerability Discovered in Firefox 3.5.1 (update)
20 july 2009
Mozilla says that the reports from SANS and IBM are incorrect. Based on internal testing, the vulnerability is not exploitable.
"In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability," wrote Mike Shaver on the Mozilla Security Blog.
"As a result of our analysis, we do not believe that this represents an exploitable vulnerability in Firefox. Further, we believe that the IBM report is in error, and that the severity rating in the National Vulnerability Database report is incorrect. We have contacted them and hope to resolve the inaccuracies shortly."
19 july 2009
On Friday, Mozilla released Firefox 3.5.1 to address a vulnerability in the Just-in-Time (JIT) compiler. Now, there are confirmed reports of a second vulnerability, exploit code already published, which affects Firefox 3.5.1, and other versions could be vulnerable as well.
The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution or if exploit attempts fail, a denial of service scenario. The flaw has posted proof-of-concept code, which can be viewed here.
Currently there is no patch for this vulnerability In addition, this vulnerability was discovered by the same person who published details on the previously patched flaw.
AKS-Feel The Change! 