Firefox Fixing DoS Flaw Soon
David Utter Staff Writer
2006-04-28
Another incremental release of the Firefox browser should be available online today in response to a zero-day exploit that became public earlier in the week.
The Mozilla Foundation announced that another update to the latest version of the Firefox browser is forthcoming. The update arrives in response to a JavaScript handling issue in version 1.5.0.2 of the browser.
"We are going to ship a smaller 1.8.0.3/1.5.0.3 release in order to quickly respond to a publicly reported security issue (bug 334515)," said the entry at Mozilla Wiki about the patch.
The exploit being addressed crashes a Firefox browser immediately upon execution: a JavaScript handling issue regarding iframe.contentWindow.focus() can be manipulated into a buffer overflow. A proof-of-concept link in the Milw0rm list posting on the flaw placed an iframe in the Firefox window, then the code forced the DoS condition as described.
Since the flaw exploits JavaScript, it is not limited to the Windows platform. Firefox running on Linux can be exploited in the same way.
The Secunia advisory website rated the problem 'not critical' since the contentWindow.focus() call only shuts down Firefox. It does not enable remote code execution or other threats.
---
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.