Firefox 3.5.1 at risk? Maybe, maybe not.

From the ‘didn’t they just patch?’ files:

Mozilla just patched their Firefox 3.5.x browser last week – but security researchers are already claiming there is yet another security flaw.

Researcher Simon Berry-Byrne – the same researcher who first posted the JavaScript exploit that was the key security fix in Firefox 3.5.1 – has posted proof of concept code that, in his view, can lead to arbitrary code execution.

Mozilla disputes the claim.

Mike Shaver, VP Engineering at Mozilla, is denying the report that Firefox 3.5.1 can be exploited by the new flaw. He is not, however, denying the fact that for some users, the flaw could lead to a browser crash or denial of service condition (my own quick test with the proof of concept crashed a 3.5.1 browser running on Windows XP SP 3).

“In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings,” Shaver stated on the Mozilla Security Blog. “While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability.”

Bugs that trigger crashes are not uncommon on Firefox, and a search through the Bugzilla database will find a few of them. The catch, in my opinion, is always whether or not the flaw is exploitable – a crash by itself, while annoying, is not necessarily a critical security issue.
