Unpatched Firefox flaw may expose users

A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.



Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)
