iTWire - Firefox 3.5: new vulnerability, new version

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Technology news and Jobs

Firefox 3.5: new vulnerability, new version

Firefox 3.5: new vulnerability, new version

E-mail

by Stephen Withers
Friday, 17 July 2009
Another vulnerability has been found in Firefox 3.5 that may allow the execution of arbitrary code - 'browse and you're owned' in Microsoft-speak. Featured Whitepaper 5 Best Practices for Smartphone Support Like the JavaScript-related flaw disclosed earlier this week, the new stack buffer overflow vulnerability was disclosed by Simon Berry-Brown, this time in association with Andrew Haynes. Firefox 3.5.1 was released ahead of schedule on July 16 to address the issue with the TraceMonkey just-in-time JavaScript engine. (It wasn't available when I checked this morning [Australian time], but it is now - download it from Mozilla's web site , or use your preferred updating method.) The new problem is described as a "Unicode data remote stack buffer overflow vulnerability", and a proof of concept has been released. A buffer overflows if an excessively long string of data is sent to the document.write method, leading to the possibility of arbitrary code execution or a crash. It's not clear whether Firefox 3.5.1 also contains this vulnerability. The security software on my computers identifies the proof of concept as malware, and I'm not prepared to disable it just to find out. As of this writing, there's no mention of the issue in the Mozilla Security Blog. Tags See All Tags Browser Browsers Firefox JavaScript Linux Mac OS X Open Source Security Software Stephen Withers Unicode Vulnerability Windows Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

Sponsored Releases

Open Text Deepens Integration with SAP® Solutions

As Christmas Nears, AVG (AU/NZ) Advises Shoppers How to Stay Safe Online

Progress Software Successfully Enables SaaS Deployment in the Cloud for Fifth Year

British Airways selects Progress Software SOA Solutions to upgrade the travel experience

...Promote your press-releases here

Latest jobs

User Experience Architect (C4)
Consulting Services Branch Manager
Process Analyst X 4 (M4)
Content Co-Ordinator (M3)
Senior .Net Developer (M3)
Business Analyst (M17)
Test Lead
Senior Business Analyst
Business Analyst - Financial Markets, Ops focus
Technical Business Analyst - BI & DW - Contract

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking