Another critical vulnerability: version 3.5.1 is also affected.
The National Vulnerability Database website has published information about another critical vulnerability in Firefox with a rating of “10 (HIGH)”, which applies to version 3.5.1 of this browser. On the IBM tracker, this vulnerability is also marked as HIGH Risk. The SecurityFocus site has published a proof of concept for this vulnerability.
The vulnerability lies in the processing of very long Unicode strings, which could lead to buffer overflows and malicious code execution.
Mozilla responded to the discovery by saying that there was a vulnerability but that it could not be used to do harm. Later in the post, however, the following update appeared:
"thanks to Larry Seltzer for bringing to our attention that Firefox 3.5.x will indeed still crash using the provided PoC on Windows, at least for some users"
which means that at least some Windows users are at risk.