Another Critical vulnerability Found in Firefox 3.5

Posted by

Another Critical security  vulnerablity in Firefox 3.5

Four days ago we talked about a critical  Java script vulnerability in Firefox 3.5, which allows the attacker to execute arbitrary code on victim’s PC. Later on July 17th , Mozilla team fixed this issue by releasing  Firefox 3.5.1.

Now SecurityFocus disclosed  another Critical vulnerability found   in Firefox.

According to SecurityFocus

“The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario.”

The solution is to use Noscript addon or disable JavaScript . But ,According Mozilla security blog this vulnerability is not exploitable.

via Downloadsquad and Ghacks