Bug in Firefox 3.5.1 isn't exploitable, Mozilla says

Bug can cause PCs and Macs to crash, but users are safe

A bug discovered in the latest version of Firefox is not exploitable, Mozilla said on Sunday, responding to reports of another vulnerability in the browser.

Mozilla released Firefox 3.5.1, the latest version of the browser, last Thursday. The release fixed several recently discovered security holes in version 3.5, which came out in June. Among the security holes that were closed was a critical vulnerability that allowed an attacker to install and run code on a PC without any interaction from the victim.

On Friday, reports began to emerge of a stack-based buffer overflow vulnerability in Firefox 3.5.1 that could be used to gain access to a computer or launch a distributed denial of service attack. But after examining the reported vulnerability, Mozilla said that's not the case.

"The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability," wrote Mike Shaver, Mozilla's vice president of engineering, in a blog post on Sunday.

The bug causes Firefox 3.5 and Firefox 3.5.1 to crash on a Windows PC, but does not give an attacker access to the PC, Shaver said, calling the crash "safe and immediate."

The bug can also cause Firefox 3.0 and 3.5 to crash on Apple computers.

"A crash occurs inside the ATSUI system library (part of OS X), due to what appears to be a failure to check allocation results," Shaver said, adding the same issue could affect other applications using text-handling libraries in MacOS X. "We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags mozilla firefox

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sumner Lemon

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?