New Security Flaw Hits Firefox
A new unpatched security flaw has been reported in the Firefox browser. The development comes in the wake of the newly released beta of version 1.5, which is supposed to address several security issues.
Security researcher Tom Ferris has discovered a vulnerability in Firefox, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a user’s system, reports security firm Secunia.
The vulnerability is caused by an error in the handling of IDN URLs that contain the 0xAD character in the domain name. This can be exploited to cause a heap-based buffer overflow, claims the Secunia advisory.
Successful exploitation crashes Firefox and may allow code execution, but requires that the user be tricked into visiting a malicious web site or opening a specially crafted HTML file.
The vulnerability has been confirmed in version 1.0.6, and is reported to affect versions prior to 1.0.6, and version 1.5 Beta 1. According to Secunia, the vendor recommends setting the preference “network.enableIDN” to false. This can be done in the “prefs.js” file or using “about:config”.
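To confirm the workaround is actually in place across a set of profiles, the following added example (not from Secunia or Mozilla) scans every “prefs.js” under a directory and reports whether “network.enableIDN” is explicitly set to false. The function names and sample file contents are constructed for illustration, and it assumes that the last entry wins when the preference appears more than once.

```python
import re
from pathlib import Path

# Matches one prefs.js entry for the preference named in the advisory, e.g.
#   user_pref("network.enableIDN", false);
# Commented-out lines do not match because the entry must start the line.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"network\.enableIDN"\s*,\s*(true|false)\s*\)\s*;',
    re.MULTILINE,
)

def idn_mitigated(prefs_text: str) -> bool:
    """Return True only if network.enableIDN is explicitly set to false.

    Assumptions: the last entry wins if the preference is repeated, and a
    profile with no entry keeps the default and counts as not mitigated.
    """
    values = PREF_RE.findall(prefs_text)
    return bool(values) and values[-1] == "false"

def audit_profiles(root) -> dict:
    """Map each prefs.js found under root to its mitigation status."""
    results = {}
    for prefs in sorted(Path(root).rglob("prefs.js")):
        text = prefs.read_text(encoding="utf-8", errors="replace")
        results[str(prefs)] = idn_mitigated(text)
    return results

# Constructed sample prefs.js contents (not taken from a real profile).
SAMPLE_MITIGATED = (
    '# Mozilla User Preferences\n'
    'user_pref("browser.startup.homepage", "about:blank");\n'
    'user_pref("network.enableIDN", false);\n'
)
SAMPLE_DEFAULT = 'user_pref("browser.startup.homepage", "about:blank");\n'
SAMPLE_COMMENTED = '// user_pref("network.enableIDN", false);\n'

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, ok in audit_profiles(root).items():
        print(("MITIGATED  " if ok else "NOT SET    ") + path)
```

Pass the directory that holds the Firefox profiles as the first argument; any profile reported as NOT SET still has IDN handling enabled.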