New Firefox Vulnerability Revealed
Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable JavaScript until the issue is patched, though add-ons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised).
Update: 07/20 00:09 GMT by KD: An anonymous reader informs us that the Mozilla security blog is indicating that this vulnerability is not exploitable; denial of service is as bad as it gets.
Unbounded (Score:5, Funny)
So who's the moron using unbounded buffers?
fix: (Score:5, Funny)
Re:Just patch it and let's move on. (Score:3, Funny)
Slow News Day, Obviously (Score:1, Funny)
In other news, Apollo 11 was faked [rense.com].
A: Firefox users (Score:4, Funny)
If you use firefox, then you are the moron using unbounded buffers.
Re:fix: (Score:5, Funny)
I tried this using greasemonkey and wanted to thank you for it, but I had to switch to Internet Explorer to post the reply as for some reason Slashdot started bringing up a million alert boxes.
Firefox sucks (Score:5, Funny)
This is the reason why I avoid crappy software like Firefox and stick to MSIE! Firefox is riddled with bad, bloated code making it easily subjectable to these types of attacks. On top of that, the development model allows mistakes like this to get into the codebase without proper quality assurance.
If I have to /sarcasm, I will kill you.
Firefox Vulnerability (Score:3, Funny)
But, but, but, that's unpossible!
Re:Unbounded (Score:5, Funny)
What are six words you never, ever want to hear?
"I have a headache tonight, dear"
Re:Unbounded (Score:5, Funny)
I am shocked, shocked, to find unbounded buffer use in this open-source application.
--
Toro
Re:Unbounded (Score:4, Funny)
Again? That was my first reply, and it's a joke referencing Casablanca. I can format it the other way, if you like:
I am shocked, shocked, to find half-baked misinformation on this Slashdot web-forum.
Your reply is a meme syntax error: Response Out Of Range: !Sense of Humor ;^)
--
Toro
Re:Unbounded (Score:1, Funny)
"I'm gonna fuck you anyway, bitch."
Slashdot is packed with double-standards (Score:1, Funny)
This site is full of double standards. This is the same website that is against copyrights when it comes to piracy because it gets them stuff for free, but for copyrights when it comes to a GPL violation because the GPL gets them stuff for free. Whichever is the self-serving position is the one that's adopted.
Re:NoScript (Score:3, Funny)
You did not just say that. Tell me you did not just say that.
Re:Unbounded (Score:5, Funny)
Re:Unbounded (Score:1, Funny)
Re:NoScript (Score:3, Funny)
I'm not aware of any malware having been launched from facebook.com.
Re:Unbounded (Score:4, Funny)
"wow, it's so small and cute"
Re:Slashdot is packed with double-standards (Score:1, Funny)
"The GPL assures the copyright of the software." - FSF website