Security bug found in latest version of Firefox

By Chuck Miller on Jul 15, 2009 10:35AM

An unpatched vulnerability in version 3.5 of Firefox, which was released last month, could enable a hacker to remotely run arbitrary code on users' machines, security firm Secunia said in an advisory.

The vulnerability arises when the browser processes JavaScript code to handle HTML font tags, the advisory said. An exploit can cause a memory corruption buffer overflow, which could lead to a compromise on an affected system.

“If your browser (Internet Explorer, Firefox, etc.) or its plug-ins (Adobe Flash Player, QuickTime, Sun Java, etc.) contain vulnerabilities, then you're exposed to security threats every single time you visit a website,” Secunia spokesman Mikkel Winther told SCMagazineUS.com in an email.

No patch is available yet from Mozilla, though exploit code has been posted on exploit repository milw0rm, which has reopened after temporarily shutting down.

Until a patch from Mozilla is available, US-CERT has encouraged users and administrators to disable JavaScript to mitigate any risks associated with the vulnerability. On its site, US-CERT describes a method to turn JavaScript off.

If that is untenable, Secunia said the best way to avoid being infected is to practise safe web surfing.

“We can only recommend that users refrain from visiting untrusted websites,” Winther said.

See original article on scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.

Tags:

35 arbitrary bug code firefox flaw security vulnerability

Palo Alto Networks alerted to DoS vulnerability in routers

US puts million-dollar bounty on Russian ransomware raiders

Cloud shift helps QBE modernise tech estate

NBN Co proposes to axe CVC across all plans by mid-2026

Victoria takes covers off digital twin

Security bug found in latest version of Firefox

An unpatched vulnerability in version 3.5 of Firefox, which was released last month, could enable a hacker to remotely run arbitrary code on users' machines, security firm Secunia said in an advisory.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

NSW Police dumps Bezos-backed Mark43 from core systems overhaul

Australian court finds insurer not liable for ransomware clean-up costs

NBN Co proposes to axe CVC across all plans by mid-2026

Wesfarmers to stand up offensive cyber security capabilities

Digital Nation

Most popular tech stories

Case Study: Hydro Tasmania undergoes infrastructure modernisation program

COVER STORY: Multiple cloud models make security more complex

COVER STORY: What happens when Google changes its algorithm?

Metaverse Minutes: What are gas fees?

A billion dollars worth of connected TV ads wasted. The TV was turned off

Partners join Ingram Micro, Vertiv for cooking lessons

Bidding war to acquire MOQ Limited rages between Atturra, Brennan IT

Servers Australia discloses "malicious activity" impacting some Sydney services

Accenture, Deloitte, TCS top Gartner's cloud IT transformation providers list

Reserve Bank of Australia launches digital currency project

Right to repair: Large scale IT buyers can influence product design... and they should

Five minimum features needed in your choice of a business laptop

Building a modern workplace for a remote workforce

Venom BlackBook Zero 15 Phantom

How long will a UPS keep your computers on if the lights go out?

Photos: Australian industry comes together to explore IoT opportunities

IoT Explained: What is the Internet of Things in Australia (June 2022)

Why LoRaWAN is ideal for water network management

Giving water utilities IoT technology "freedom"

How Tassal created the internet of salmon

Palo Alto Networks alerted to DoS vulnerability in routers

US puts million-dollar bounty on Russian ransomware raiders

Cloud shift helps QBE modernise tech estate

NBN Co proposes to axe CVC across all plans by mid-2026

Victoria takes covers off digital twin

Security bug found in latest version of Firefox

An unpatched vulnerability in version 3.5 of Firefox, which was released last month, could enable a hacker to remotely run arbitrary code on users' machines, security firm Secunia said in an advisory.

Partner Content

Sponsored Whitepapers

Events

Most Read Articles

NSW Police dumps Bezos-backed Mark43 from core systems overhaul

Australian court finds insurer not liable for ransomware clean-up costs

NBN Co proposes to axe CVC across all plans by mid-2026

Wesfarmers to stand up offensive cyber security capabilities

Digital Nation

Most popular tech stories

Case Study: Hydro Tasmania undergoes infrastructure modernisation program

COVER STORY: Multiple cloud models make security more complex

COVER STORY: What happens when Google changes its algorithm?

Metaverse Minutes: What are gas fees?

A billion dollars worth of connected TV ads wasted. The TV was turned off

Partners join Ingram Micro, Vertiv for cooking lessons

Bidding war to acquire MOQ Limited rages between Atturra, Brennan IT

Servers Australia discloses "malicious activity" impacting some Sydney services

Accenture, Deloitte, TCS top Gartner's cloud IT transformation providers list

Reserve Bank of Australia launches digital currency project

Right to repair: Large scale IT buyers can influence product design... and they should

Five minimum features needed in your choice of a business laptop

Building a modern workplace for a remote workforce

Venom BlackBook Zero 15 Phantom

How long will a UPS keep your computers on if the lights go out?

Photos: Australian industry comes together to explore IoT opportunities

IoT Explained: What is the Internet of Things in Australia (June 2022)

Why LoRaWAN is ideal for water network management

Giving water utilities IoT technology "freedom"

How Tassal created the internet of salmon

Log In