Firefox 3.5.1 Crashed By A Simple JavaScript

[bochiman]

It could be hard to believe, but after the recent release of Firefox 3.5.1 update, a new security flaw that allows remote code execution through JavaScript code was discovered. A proof of concept for the exploit code was also made public and it works, because Mozilla Firefox browser is still vulnerable to a stack-based buffer overflow. The attacker could generate the buffer overflow by sending long Unicode strings to the document.write method and in this way is possible the remote code execution to compromise an operating system or a DOS (Denial Of Service) attack.

Read More

[andsome]

So much for those on here who try to kid us that FF is waterproof. :lol:

[catgate]

This just goes to prove that every thing comes to he who waits....and by gum you have waited for this.

By my reckoning that makes the score IEx 254, FFx 1.

[Hb_Kai]

True. And when IE gets released with security vulnerabilities like this one, everyone has to know about it... Firefox is a hippy compared to its whiney girl rival, Internet Exploder.

A note about this warning though; apparently it also counts for Flock users too. Not just Firefox users. Flock is still based on Firefox and has the same updates, only thing is Flock's updates are a little different.

I don't know where I found the link to this but I'll post it once I've found it.

[Gandalph]

I've been running FF 3.5.1 since it's release and so far no problems. Although I am running the Mac version, that could make a big difference.