Firefox
Firefox open to buffer overflow
R E L A T E D   C O N T E N T
Similar articles
KnowledgeBANK
News centre
More from vnunet.com
ADVERTISEMENT

Security hole hits Firefox

Buffer overflow flaw affects all versions of the open source browser

Tom Sanders in California, vnunet.com 12 Sep 2005
ADVERTISEMENT

Mozilla's Firefox browser is susceptible to a buffer overflow attack that is deemed 'highly critical', users have been warned.

The flaw was discovered by security expert Tom Ferris and affects all versions of the open source browser up to 1.0.6, as well as the beta for Firefox 1.5, he reported on his website

The vulnerability allows an attacker to remotely execute code on a compromised system through a buffer overflow attack.

Demonstrating the vulnerability, Ferris offers a link to a page where a specially crafted URL will cause the browser to freeze and eventually crash, closing all browser windows. Microsoft's Internet Explorer is unaffected by the flaw.

Ferris reported the issue to Mozilla on 4 September, but allegedly decided to go public after a disagreement with the organisation.

Mozilla has published a patch that protects the browser against sites seeking to exploit the flaw, and has posted instructions for a manual workaround.

Firefox uses its record on security as a principal selling point in enticing users to switch from Internet Explorer. But although Microsoft's browser has been hit with a series of vulnerabilities, Firefox has also had its share of problems recently. 

See also:

Delays hit Firefox development
Next public version scheduled for September  25 Jul 2005
Firefox
Spammers hack Firefox support site
Trying to send spam to the savvy  18 Jul 2005
Users urged to upgrade to new version
Mozilla fixes Firefox flaws
Foundation responds quickly to security bug  13 May 2005
Users advised to diasable JavaScript in Firefox browser
Firefox hit with new critical flaws
Holes could allow hackers to implant Trojan or key-logger  09 May 2005
Malicious code in an image could enter PC through browser
Mozilla fixes new Firefox flaw
Users urged to download patched version immediately  24 Mar 2005

All Applications

Like this story? Spread the news by clicking below:

Post this to Delicious del.icio.us    Post this to Digg Digg this    Post this to reddit reddit!

Permalink for this story

M A R K E T P L A C E
Sponsored links
F E A T U R E D   J O B S
EDM Administrator
London, United Kingdom | The Crown Estate
 EDM Administrator - London - £22,300 to £24,200pa The Crown Estate is a unique organisation that manages a vast and varied property portfolio, comprising commercial, agricultural and marine interests throughout Britain. We are looking for an ... more >
ICT Project Officer
London, United Kingdom | City of London
ICT Project Officer - Guildhall, London EC2 18-month fixed-term contract Bring your project management expertise to one of the country's most prestigious institutions. The City of London is the local authority for the Square Mile, ... more >
Technical Hosting Engineer
Reading, Berkshire, United Kingdom | EDS
Technical Hosting Engineer Location - Reading Job Description: This is an applications infrastructure and engineering role within the team. This role is primarily focussed on developing and evolving a quarantine application hosting service. The quarantine ... more >
Communications Centre Engineer
Central London, United Kingdom | MI5 Security Service
Communications Centre Engineer - Competitive salaries + excellent benefits - Central London Getting the best out of technology is critical to helping us protect the UK. Join MI5 and use your skills and experience to ... more >
More job opportunities

Useful links: About us . Privacy policy . Terms & conditions . Site map . Bookmark this site . Accessibility
Consumer Technology websites:
Active Home Product reviews, competitions, news
Computeractive Software reviews, hardware reviews, buyers' guides, workshops, downloads
Gizmodo the daily gadget blog: technology news and reviews
PC Magazine your personal guide to technology
PCW software product reviews, hardware product reviews, buyers' guides, competitions
WebAct!ve what's happening on the web
What PC? helping you purchase the right computer, digital camera, peripherals, gadgets and more
Blogs:
Test Bed The PCW Labs blog, PCW Inter@ctive A reader blog from PCW. Your views, your comments, your say, Windows Watch Keeping an eye on the latest XP % Vista news
Jobs & Recruitment websites:
Accountancy Age Jobs Accountant jobs, jobs in finance, audit jobs, cima jobs, acca jobs, corporate finance jobs, management accounting jobs, finance director jobs, finance recruitment agency directory, Top 50 accountancy firms, accountant salary survey
Computing Careers IT jobs, Programmer jobs, Developer jobs, IT manager jobs, Project manager jobs, SAP jobs, Oracle Jobs, Java Jobs, IT recruitment agency directory, Top IT Employers 2005
Inquirer Jobs Software Engineer Jobs, firmware developer jobs, electronics engineer jobs
Other titles in the Incisive Media network:
Business Technology websites: BusinessGreen . Computing . Computing Business . CRN . The Inquirer . IT Week . vnunet.com
Business & Finance websites: Accountancy Age . Best Practice . Financial Director . Management Consultancy
© Incisive Media Ltd. 2008
Incisive Media Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, is a company registered in the United Kingdom with company registration number 04038503