Mozilla confirms new crash bug in Firefox 3.5.1 not exploitable

Mozilla has confirmed a crash bug in the latest Firefox 3.5.1 related to how its JavaScript handle certain long Unicode strings that could lead to a crash on Mac OS X, Windows and Linux.

Mozilla states that despite what several media outlets and security organizations reported over the weekend, it is not an exploitable vulnerability that could lead to malicious code execution, so it is not a critical flaw.

“We do not believe that this represents an exploitable vulnerability in Firefox. Further, we believe that the IBM report is in error, and that the severity rating in the National Vulnerability Database report is incorrect. We have contacted them and hope to resolve the inaccuracies shortly.”, concluded Mike Shaver, Mozilla VP of Engineering.

EDIT: As noted in the comments, since its not an exploitable bug, then this is not a security vulnerability, hence, this post’s previous title was dumb. Corrected.

Also, Security Focus has updated its report describing this bug as a denial of service.

3 Comments

  1. Jordan July 20, 2009 11:40 am 

    Um, no. “Not exploitable” means it isn’t a security flaw at all, but just a run-of-the-mill crash.

  2. Kyle August 3, 2009 8:12 pm 

    I was wondering why Firefox wouldn’t open, and just crashed every time i tried to load it. Then I found this article. I’m using Chrome until the new update comes out. The only reason I haven’t permanently switched to Chrome is simply because of Firefox Add-Ons. I use them so much.

  3. Mick November 1, 2009 10:25 pm 

    Hey, it’s only a FREEKIN CRASH!…nothing to worry about.

    How about this folks, you are going to lose every customer you have if you don’t fix it!

Comments are closed.