Firefox Develops Another Security Flaw
Firefox and its developer Mozilla seem to be having a tough time of late. A major security vulnerability was discovered in the browser last week, and even as Mozilla has worked to patch it, yet another major flaw has cropped up.
Even as users across the world have started upgrading to the new version, SecurityFocus has reported the discovery of another vulnerability that afflicts both versions 3.5 and 3.5.1. This time around, it is a flaw that leads to a stack buffer overflow and opens up the browser to a remote attacker.
The flaw stems from the browser's Unicode text handling system and allows easy execution of arbitrary code when a user simply visits a website in which the code has been embedded. Once the code is executed, it causes the browser to crash and leads to a denial of service. In certain situations, Windows itself will execute the code.
This flaw would make it really simple for remote attackers to gain access to a user’s system and have their way with it. While the first vulnerability has been patched, this latest one is still unresolved and, so far, there does not seem to be any easy way out of it either.
Do you feel Mozilla released Firefox 3.5 much too quickly without sufficiently testing it?