Firefox 3.5.1 at risk? Maybe, maybe not.
Mozilla patched its Firefox 3.5.x browser just last week, but security researchers are already claiming there is yet another security flaw.
Mozilla disputes the claim.
"In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings," Shaver stated on the Mozilla Security Blog. "While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability."
Bugs that trigger crashes are not uncommon in Firefox, and a search through the Bugzilla database will find a few of them. The catch, in my opinion, is always whether or not the flaw is exploitable: a crash by itself, while annoying, is not necessarily a critical security issue.