Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability, Firefox 3.5.1 affected, no patch

Mozilla Firefox is prone to a remote stack-based buffer-overflow vulnerability.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

http://www.securityfocus.com/bid/35707/discuss

Vulnerability in Firefox 3.5.1 confirmed, exploit PoC, no patch
Various analysts and sites have recently confirmed that a vulnerability is present in Firefox 3.5.1 and that an exploit PoC has been released for it. When exploited, the vulnerability can lead to system compromise or induce a DoS. No patch is available.

http://isc.sans.org/diary.html?storyid=6829

Published Sun, Jul 19 2009 10:00 by donna

Comments

Sunday, July 19, 2009 3:18 PM by Asa Dotzler

# re: Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability, Firefox 3.5.1 affected, no patch

This is a browser out of memory crash. There is no evidence that this is exploitable while all evidence points to it not being exploitable. Pretty much all browsers crash from this but that doesn’t mean that it’s a security issue.