Bug in Firefox 3.5.1 isn't exploitable, Mozilla says

Bug can cause PCs and Macs to crash, but users are safe

A bug discovered in the latest version of Firefox is not exploitable, Mozilla said on Sunday, responding to reports of another vulnerability in the browser.

Mozilla released Firefox 3.5.1, the latest version of the browser, last Thursday. The release fixed several recently discovered security holes in version 3.5, which came out in June. Among the security holes that were closed was a critical vulnerability that allowed an attacker to install and run code on a PC without any interaction from the victim.

On Friday, reports began to emerge of a stack-based buffer overflow vulnerability in Firefox 3.5.1 that could be used to gain access to a computer or launch a distributed denial of service attack. But after examining the reported vulnerability, Mozilla said that's not the case.

"The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability," wrote Mike Shaver, Mozilla's vice president of engineering, in a blog post on Sunday.

The bug causes Firefox 3.5 and Firefox 3.5.1 to crash on a Windows PC, but does not give an attacker access to the PC, Shaver said, calling the crash "safe and immediate."

The bug can also cause Firefox 3.0 and 3.5 to crash on Apple computers.

"A crash occurs inside the ATSUI system library (part of OS X), due to what appears to be a failure to check allocation results," Shaver said, adding the same issue could affect other applications using text-handling libraries in MacOS X. "We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code."

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags mozilla firefox

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sumner Lemon

IDG News Service
Show Comments

Essentials

Mobile

Exec

Budget

Back To Business Guide

Click for more ›

Brand Post

Bitdefender 2018

Roam freely in the digital world. Critically acclaimed performance and security at your fingertips.

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?