04.25.06 Firefox Zero-Day DoS Discovered
By David A. Utter
A JavaScript handling issue in the latest version of the Firefox browser can be exploited to cause a buffer overflow and crash the browser.
Proof of concept code provided in the Milw0rm exploit advisory did cause a Firefox 1.5.0.2 browser to crash immediately. That behavior prompted both the Mozilla feedback agent and Microsoft's error reporting tool to launch and request permission to send the details of the crash along to the respective organizations.
The milw0rm alert carried a description of the problem that will likely prompt Mozilla to provide a quick update:
A handling issue exists in how Firefox handles certain Javascript in js320.dll and xpcom_core.dll regarding iframe.contentWindow.focus(). By manipulating this feature a buffer overflow will occur.
The exploit exists in Linux as well as Windows versions of Firefox.
Mozilla recently released Firefox 1.5.0.2 on April 13th. The update provided security fixes for nineteen problems in the browser, with eleven of those rated "critical" by the organization.
Overall, Firefox has fared better than Internet Explorer, the world's most widely used browser, when it comes to security issues. As the Firefox browser grew in global market share to the ten percent range, the number of people trying to find problems with it has likewise increased.
Mozilla has been able to keep the browser updated a little more quickly than Microsoft has with IE. When a potentially dangerous IE flaw became publicly known after Microsoft issued its March security patches, a pair of third-party security companies released unofficial patches for the problem when Microsoft appeared to refuse to release a patch outside of its regular release cycle.
Microsoft did not recommend the use of those patches from eEye and Determina because of the modifications the patches would make to Windows. Both companies noted that their patches could be easily uninstalled when an official patch was released.
About the Author: David Utter is a business and technology writer with WebProNews.