Unpatched Firefox flaw may expose users

A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity: Critical

Vendor: Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Full Story.
