wraggster
July 19th, 2009, 20:32
Not long after Firefox 3.5.1 was released to address a security issue, a new exploit has been found and a proof of concept has been posted. "The vulnerability is a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if the exploit attempts fail, a denial-of-service scenario." It's recommended that Firefox users disable Javascript until the issue is patched, though addons like NoScript should do the trick as well (unless a site on your whitelist becomes compromised)
http://tech.slashdot.org/story/09/07/19/169206/New-Firefox-Vulnerability-Revealed
http://tech.slashdot.org/story/09/07/19/169206/New-Firefox-Vulnerability-Revealed