Firefox open to buffer overflow

Security hole hits Firefox

Buffer overflow flaw affects all versions of the open source browser

Tom Sanders in California, vnunet.com 12 Sep 2005

Mozilla's Firefox browser is susceptible to a buffer overflow attack that is deemed 'highly critical', users have been warned.

The flaw was discovered by security expert Tom Ferris and affects all versions of the open source browser up to 1.0.6, as well as the beta for Firefox 1.5, he reported on his website.

The vulnerability allows an attacker to remotely execute code on a compromised system through a buffer overflow attack.

Demonstrating the vulnerability, Ferris offers a link to a page where a specially crafted URL will cause the browser to freeze and eventually crash, closing all browser windows. Microsoft's Internet Explorer is unaffected by the flaw.

Ferris reported the issue to Mozilla on 4 September, but allegedly decided to go public after a disagreement with the organisation.

Mozilla has published a patch that protects the browser against sites seeking to exploit the flaw, and has posted instructions for a manual workaround.

Firefox uses its record on security as a principal selling point in enticing users to switch from Internet Explorer. But although Microsoft's browser has been hit with a series of vulnerabilities, Firefox has also had its share of problems recently. 
