Oh no, not again! Now I might get exploited by this totally unimportant vulnerability which never effects anyone ever.
|The first major security flaw in the release branch of Firefox 3.5 may have been fixed, but the fun isn't over yet: another serious flaw has been discovered in the browser.|
Despite being recently updated to version 3.5.1, SecurityFocus is reporting on a stack buffer overflow vulnerability which affects both the original 3.5 release of Firefox as well as the latest 3.5.1 release.
The vulnerability, which comes about from the software's Unicode text handling system, allows a remote attacker to execute arbitrary code simply by embedding it into a web site: as soon as the visitor hits the affected page, the software crashes â€" leading to a denial of service attack â€" and under certain conditions the code will be executed by Windows.
With a simple exploit already available, it's fair to say that if the ne'er-do-wells aren't already using this as an attack vector it won't take them long to wise up.
Are you starting to question just how much work was done checking the security of this latest Firefox branch or is the Mozilla Foundation just having a bad week? Share your thoughts over in the forums
Firefox 3.5 Vulnerability Firefox 3.5 Heap Spray Vulnerabilty Author: SBerry aka Simon Berry-Byrne Thanks to HD Moore for the insight and Metasploit for the payload Loremipsumdoloregkuw Loremipsumdoloregkuwiert Loremikdkw # milw0rm.com [2009-07-13]