Author Topic: Another serious hole in Fx 3.5 within a week from the previous one....

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34004
  • malware fighter
Hi malware fighters,

After a serious hole was patched with Firefox 3.5.1, yet another serious hole has been found within a week's time, one that apparently still exists in 3.5.1. The "Unicode Data Remote Stack buffer overflow" was reported July 15th; see the PoC here: http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html
According to the Internet Storm Center, Fx 3.5.1 is also vulnerable. The exploit is a remote stack-based buffer-overflow vulnerability that can make the browser crash or enable remote code execution, so successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The NoScript extension for Firefox protects against this, as long as you don't whitelist the malicious code as trusted,

polonus
« Last Edit: July 19, 2009, 12:18:30 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Alan Baxter

  • Guest
Mozilla has determined the problem isn't exploitable.  The authorities have been notified so they can update their advisories to something less alarming.
http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/

polonus
Hi Alan Baxter,

Good reporting, right on the ball. We say with a Dutch proverb: "the soup is never eaten as hot as it is being served", and that is true in this case,

polonus