Firefox Develops another Security Flaw

"A second security vulnerability has been found in both Firefox 3.5 and 3.5.1."

Search News

Firefox Develops another Security Flaw
 
Firefox and its developer Mozilla seem to be having a tough time off-late. A major security vulnerability was discovered in the browser last week, and even as Mozilla has worked to patch it, yet another major flaw has cropped up.
 
The vulnerability last week was related to the JavaScript engine of Firefox 3.5 and left user systems exposed to remote code execution and thereby hacking. Mozilla worked quickly to patch this flaw and 22 other bugs and released Firefox version 3.5.1 on last Friday.
 
Even as users across the world have started upgrading to the new version, SecurityFocus has reported the discovery of another vulnerability that afflicts both version 3.5 and 3.5.1. This time around, it is flaw that leads to a stack buffer overflow, and opens up the browser to a remote attacker.
 
Stemming from its Unicode text handling system, the flaw allows easy execution of arbitrary code just by visiting a website into which it has been embedded. Once the code is executed, it causes the browser to crash and leads to a denial of service. In certain situations, Windows itself will execute the code.
 
This flaw would make it really simple for remote attackers to gain access to a user’s system and have their way with it. While the first vulnerability has been patched, this latest one is still unresolved and so far, there does not seem to be any easy way out of it either.
 
As the remote code would rely on JavaScript for its execution, the only option open to users at the moment is something like the NoScript plugin that would stop all script executions. While this might be an option, two security flaws cropping up within a week have raised serious doubts about the open-source browser and the testing conducted by the Mozilla Foundation before rushing ahead with the release.
 
Do you feel Mozilla released Firefox 3.5 much too quickly without sufficiently testing it? Talk about it in our Forums
«Prev 1 Next»

Most Recent Comments

14-07-2009, 14:09:45

mrapoc
I need a good source of RAM

Cheap yet low fail rate

Will be buying in bulks of twenty or something

For when I get to a PC repair job and they only have 256mb ram..

Too many times I have brought 2nd hand RAM only to have it not boot at all or bsod like a..

cheers

14-07-2009, 14:47:23

mighty_moll
Many sites and resellers offer discounts for bulk buys nowadays - but in my honest opinion i think you're going about it the wrong way. My mate is a 'pc doctor' and he doesn't carry around RAM with him in case the customer has too little. Instead, he talks to them about it and then orders it as and when its needed, as its actually always likely to be a virus or walware causing the problem.
He says that 80% of the time its a virus, 5 % of the time incorrectly fitted hardware or drivers / conflicts, 5 % hardware failure (such as a disk drive failing).
Most of the time it comes down to advising the customer that they need more RAM and making a small profit for supplying and fitting it. It never fails to have the odd bit of kit handy for getting someone up and runing there and then - but 9 times out of ten you'll have to take the PC away for a closer look.

14-07-2009, 15:43:04

Rastalovich
Keep an eye out for generic labeled stuff, actual shop names.

If ur order is going to be that high, actually email the retailer.

Ur not going to punish the ram, or seek to squeeze extra clocks out of it, or sell it as something it's not.

They'll mostly come from a company like Elpidya, just unbadged, unlabeled.

14-07-2009, 17:00:43

mrapoc
yeh cheers

ill look at buying say 5 sticks at a time so i will have spare and it wont cost the world

1gb or 512mb sticks? probably worth just getting 1gb nowadays

24-07-2009, 11:20:00

cavador
OCZ- Reaper may cause an combination error . My suggestion you to look for Mushkin - Supertalent
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.