Alleged 'Unfixable' Exploit in Firefox

sarlen · Post by **sarlen** » October 3, 2006, 9:20 am

Looks like someone came up with a big one this time. Hopefully Mozilla can get this patched this week if indeed it is true.

http://www.betanews.com/article/Alleged ... 1159803553

Winnow · Post by **Winnow** » October 3, 2006, 12:55 pm

Neost · Post by **Neost** » October 4, 2006, 2:44 am

/. has this link:

http://it.slashdot.org/it/06/10/03/1628257.shtml

that claims this is probably a hoax and at worst someone could cause your browser to crash.

"'As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has... I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code,' Spiegelmock said."

sarlen · Post by **sarlen** » October 5, 2006, 3:16 am

Update to the original article..

http://www.theregister.co.uk/2006/10/03 ... y_exploit/

basically, therre is a small crash bug in Firefox but the original info that it was able to execute code was false.