Crashing bug in Firefox prompts early update next week

By Percy Cabello

Guido Landi, an Italian hacker, has disclosed the details of a previously unknown crashing bug, including a proof of concept consisting of XML and XSL files that, when loaded in an internal frame, crash Firefox 3.0.7 on all platforms.

There is no known exploit at this time, but since the bug has already been disclosed, Mozilla has decided to release the next Firefox update, 3.0.8, next week, about a week ahead of the mid-April target.

Mozilla’s Giorgio Maone offers a mitigation tip: “Like the vast majority of [crashing bugs, it] is not exploitable if you’ve got JavaScript and other active content disabled on the attacker site, because reliable exploitation requires scripting to ‘spray the heap’, i.e. to inject the malicious payload at the right places of your memory for execution. Therefore you can easily survive until the automatic update kicks in, if you don’t mind the possibility of an annoying but not dangerous crash.”

The bug does not affect the latest Firefox 3.5 nightlies, where the proof of concept instead results in the expected XML parsing error.

Posted on March 26, 2009 - 6:31 pm

Comments

Critical vulnerability brings forward the release of Firefox 3.0.8 | Un Mundo Libre

March 27, 2009 6:31 pm

[...] Firefox 3.0.8, whose release was planned for mid-April, as can be read on Mozilla Links. Send to menéame | Send to [...]

Mozilla rushes Firefox 3.0.8 to address latest security bugs - Mozilla Links

March 27, 2009 6:31 pm

[...] disclosed in the last few days. One uncovered last week during the CanSecWest Pwn2Own contest; the other published a couple of days ago by an Italian [...]

Dana

March 29, 2009 6:31 pm

Firefox is now at 3.0.8, however it still is crashing!
Why didn’t the upgrade fix the issue?

Amy Goddard

April 24, 2009 6:31 pm

My laptop has automatically installed the update of the latest Firefox which keeps crashing. How do I stop this from happening?
