Advertisement


Advertisement

Thread Rating:
  • 5 Vote(s) - 2 Average
  • 1
  • 2
  • 3
  • 4
  • 5
New vulnerability discovered in Mozilla’s Firefox 3.5.1 update for TraceMonkey!
Advertisement
#1
*

MozillaIn its first minor point update of the 3.5 series on early Friday, Mozilla released Firefox the 3.5.1, in an attempt to address a security vulnerability in the new 'hybrid' TraceMonkey JavaScript engine of the browser.

However, even with Mozilla's efforts to address the mentioned vulnerability in its Just-in-Time (JIT) compiler, there are fresh reports already of another vulnerability affecting Firefox 3.5.1 - which, according to security experts, might make other Firefox versions vulnerable as well.

Going by a report from SANS Internet Storm Center, followed by an IBM ISS X-Force alert, it has been conformed that the vulnerability - which was reported to SecurityFocus (BID 35707) on July 15 - was present in Firefox 3.5.1.

While security researchers like Simon Berry-Byrne have demonstrated how a malicious web page could use heap spraying to exploit the vulnerability and execute arbitrary code; Mozilla maintains that, as per internal testing, the mentioned vulnerability was not exploitable.

Mike Shaver, Mozilla's VP of engineering, said: "In the last few days, there have been several reports of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability."

Reply
Thanks given by:
Advertisement
Advertisement




Possibly Related Threads...
Thread Author Replies Views Last Post
  General News: Google Maps To Become More Accurate And Visually Appealing With New Update nairrk 0 191 08-19-2020, 06:17 PM
Last Post: nairrk
  General News: Facebook starts Instagram and Messenger chat integration in new update nairrk 0 227 08-15-2020, 06:24 PM
Last Post: nairrk
  General News: New Telegram update lets you send up to 2GB files and set profile videos nairrk 0 193 07-28-2020, 07:36 AM
Last Post: nairrk
  General News: Windows 10 May 2020 update starts rolling out: What's new, How to download and more nairrk 0 271 05-28-2020, 01:49 PM
Last Post: nairrk
  General News: Microsoft Windows 10 May 2019 Update announced; will put you in control of updates nairrk 0 664 04-06-2019, 11:47 AM
Last Post: nairrk
  General News: Google Search update brings more relevant information in one search nairrk 0 740 08-17-2018, 12:08 PM
Last Post: nairrk
  General News: Google merges Google Pay Send app into Google Pay and adds new features in update nairrk 0 597 07-11-2018, 12:25 PM
Last Post: nairrk
  General News: Google Keep update makes it easier to draw and take handwritten notes nairrk 0 543 07-04-2018, 02:17 PM
Last Post: nairrk
  General News: Outlook Android app update introduces ability to block external images nairrk 0 678 06-26-2018, 12:20 PM
Last Post: nairrk
  General News: Thousands of mobile apps found to have a critical vulnerability in their Firebase.. nairrk 0 675 06-22-2018, 11:16 AM
Last Post: nairrk

Forum Jump:


Users browsing this thread: 1 Guest(s)
Advertisement