Bug in Firefox 3.5.1 isn't exploitable, Mozilla says

Bug can cause PCs and Macs to crash, but users are safe

A bug discovered in the latest version of Firefox is not exploitable, Mozilla said on Sunday, responding to reports of another vulnerability in the browser.

Mozilla released Firefox 3.5.1, the latest version of the browser, last Thursday. The release fixed several recently discovered security holes in version 3.5, which came out in June. Among the security holes that were closed was a critical vulnerability that allowed an attacker to install and run code on a PC without any interaction from the victim.

On Friday, reports began to emerge of a stack-based buffer overflow vulnerability in Firefox 3.5.1 that could be used to gain access to a computer or launch a distributed denial of service attack. But after examining the reported vulnerability, Mozilla said that's not the case.

"The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability," wrote Mike Shaver, Mozilla's vice president of engineering, in a blog post on Sunday.

The bug causes Firefox 3.5 and Firefox 3.5.1 to crash on a Windows PC, but does not give an attacker access to the PC, Shaver said, calling the crash "safe and immediate."

The bug can also cause Firefox 3.0 and 3.5 to crash on Apple computers.

"A crash occurs inside the ATSUI system library (part of OS X), due to what appears to be a failure to check allocation results," Shaver said, adding the same issue could affect other applications using text-handling libraries in MacOS X. "We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags mozilla firefox

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sumner Lemon

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?