Avast community forum
Topic: Another serious hole in Fx 3.5 within a week from the previous one.... (Read 2568 times)
polonus
Avast Überevangelist
Probably Bot
Posts: 34049
malware fighter
Another serious hole in Fx 3.5 within a week from the previous one....
« on: July 18, 2009, 10:28:34 PM »
Hi malware fighters,
After a serious hole was patched with Firefox 3.5.1, yet another serious hole has been found within a week's time, one that apparently still exists in 3.5.1. The "Unicode Data Remote Stack buffer overflow" was reported July 15th; see the POC here:
http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html
According to the Internet Storm Center, Fx 3.5.1 is also vulnerable. The exploit is a remote stack-based buffer-overflow vulnerability that can make the browser crash or enable remote code execution, so successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.
The NoScript extension for Firefox protects against this, as long as you don't whitelist the malicious code as trusted,
polonus
« Last Edit: July 19, 2009, 12:18:30 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Alan Baxter
Guest
Re: Another serious hole in Fx 3.5 within a week from the previous one....
« Reply #1 on: July 20, 2009, 01:27:34 AM »
Mozilla has determined the problem isn't exploitable. The authorities have been notified so they can update their advisories to something less alarming.
http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
polonus
Re: Another serious hole in Fx 3.5 within a week from the previous one....
« Reply #2 on: July 20, 2009, 01:54:29 AM »
Hi Alan Baxter,
Good reporting, right on the ball. We say with a Dutch proverb: "the soup is never eaten as hot as it is being served", and that is true in this case,
polonus