Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: New Firefox Vulnerability - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New Firefox Vulnerability

Something nice to start a friday morning...
An unpachted vulnerability was disclosed today in Firefox browser. According the advisory, "...the vulnerability is caused due to an error in the handling of an URL that contains the 0xAD character in its domain name. This can be exploited to cause a heap-based buffer overflow.

Successful exploitation crashes Firefox and may potentially allow code execution but requires that the user is tricked into visiting a malicious web site or open a specially crafted HTML file."

Lets hope for a quick patch!

You can check the original advisory at Security Protocols and Secunia
Thanks Pat for pointing this out.


-------------------------------------------------------------------
Handler on Duty: Pedro Bueno < pbueno $$ isc . sans . org >

Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!