Four days ago we talked about a critical Java script vulnerability in Firefox 3.5, which allows the attacker to execute arbitrary code on victim’s PC. Later on July 17th , Mozilla team fixed this issue by releasing Firefox 3.5.1.
Now SecurityFocus disclosed another Critical vulnerability found in Firefox.
[ad#ads-inner]
According to SecurityFocus
“The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario.”
The solution is to use Noscript addon or disable JavaScript . But ,According Mozilla security blog this vulnerability is not exploitable.
via Downloadsquad and Ghacks