Firefox 3.5.1 was released on Friday, July 17, and included a patch for the Just-in-time (JIT) JavaScript compiler exploit. However, a new stack-based buffer overflow vulnerability has been disclosed along with sample exploit code. An attacker can trigger the overflow and execute arbitrary code by passing a very long Unicode string to the document.write JavaScript method.
Currently, there is no patch for this vulnerability. The NoScript Add-On does not protect against this exploit, because the vulnerability can still be reached when the malicious content is loaded through XSS on, or a compromise of, a white-listed site.
Mozilla has acknowledged the vulnerability, but claims that it cannot be exploited. Mike Shaver wrote the following on the Mozilla Security Blog:
“In the last few days, there have been several reports of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability.”