facebook rss twitter

Firefox 3.5.1 still crashing, but not exploitable, says Mozilla

by Parm Mann on 20 July 2009, 10:02

Tags: Firefox, Mozilla

Quick Link: HEXUS.net/qas37

Add to My Vault: x

Just days ago, Mozilla squashed 22 bugs - seven of which were rated as critical - be releasing the latest installation of its Firefox browser, version 3.5.1.

Unfortunately, that release was quickly followed with a number of reports suggesting that a stack buffer overflow vulnerability had been found in multiple versions of the browser, including the latest release.

Various reports have seemingly jumped the gun and suggested that the vulnerability - which relates to Firefox's handling of long Unicode strings - leaves Mozilla's browser exploitable to attackers wanting to execute malicious code. According to Mozilla, that's anything but the case.

In an announcement on its security blog, Mozilla's vice president of engineering Mike Shaver states:

"In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug."

According to Shaver, the bug can cause Firefox to crash on Windows or Mac computers, but users should not be worried about third-party exploits.



HEXUS Forums :: 2 Comments

Login with Forum Account

Don't have an account? Register today!
Went back to 3.11 like most people have on the mozilla forums. Its works well..

3.5.1 might offer great speed - but it doesn't f-ing work….

Poor mozilla, becoming a step closing to Microsoft, making stuff that doesn't work.
I'm sorry but the 2 browsers are worlds apart.

Personally, i have yet to experience a single crash in 3.5.1