Crashing bug in Firefox prompts early update next week
Posted by Percy Cabello on March 26th, 2009

Guido Landi, an Italian hacker, has disclosed the details of a previously unknown crashing bug, including a proof of concept consisting of XML and XSL files that, when loaded in an internal frame, crash Firefox 3.0.7 on all platforms.

There is no known exploit at this time, but since the bug has already been disclosed, Mozilla has decided to release the next Firefox update, 3.0.8, next week, about a week ahead of the targeted mid-April date.

Mozilla’s Giorgio Maone explains a mitigation tip: “Like the vast majority of [crashing bugs, it] is not exploitable if you’ve got JavaScript and other active content disabled on the attacker site, because reliable exploitation requires scripting to ‘spray the heap’, i.e. to inject the malicious payload at the right places of your memory for execution. Therefore you can easily survive until the automatic update kicks in, if you don’t mind the possibility of an annoying but not dangerous crash.”

The bug does not affect the latest Firefox 3.5 nightlies, where the proof of concept results in an expected XML parsing error.

Comments
Critical vulnerability brings forward the release of Firefox 3.0.8 | Un Mundo Libre said on March 27, 2009, 9:59 am:

[...] Firefox 3.0.8, whose release was planned for mid-April, as can be read on Mozilla Links. [...]

Mozilla rushes Firefox 3.0.8 to address latest security bugs – Mozilla Links said on March 27, 2009, 6:56 pm:

[...] disclosed in the last few days. One uncovered last week during the CanSecWest Pwn2Own contest; the other published a couple of days ago by an Italian [...]

Dana said on March 29, 2009, 11:12 am:

Firefox is now at 3.0.8, however it still is crashing!
Why didn’t the upgrade fix the issue?

Amy Goddard said on April 24, 2009, 4:18 am:

My laptop has automatically installed the update of the latest Firefox which keeps crashing. How do I stop this from happening?