Vulnerability in FireFox 3.5.1 confirmed, exploit PoC, no patch

Started by Corrine, July 19, 2009, 12:04:23 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Corrine

July 19, 2009, 12:04:23 AM
QuoteVarious analysts and sites have recently confirmed a vulnerability is present in FireFox 3.5.1 that has had exploit PoC released. When exploited, the vulnerability can lead to system compromise or induce a DOS. No Patch is available.

http://isc.sans.org/diary.html?storyid=6829


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Eric the Red

#1
July 21, 2009, 07:49:39 PM
Will it or won't it?

There is much discussion about this report, the Mozilla Blog is a good starting point if you are interested:

http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/
"The time to start running is around about the "e" in "Hey, you!" "

Aaron Hulett

#2
July 21, 2009, 07:51:24 PM
At a minimum, it's able to perform a DoS on the browser.  That part isn't in argument.

Eric the Red

#3
July 21, 2009, 07:55:20 PM
Indeed. What has not been confirmed is that the condition can lead to a system compromise.
"The time to start running is around about the "e" in "Hey, you!" "
Print
Go Up Pages1
User actions