
Unpatched Firefox flaw may expose users


A new, unpatched flaw that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity: Critical

Vendor: Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)
