Language Selection

English French German Italian Portuguese Spanish

Unpatched Firefox flaw may expose users

Filed under
Moz/FF
Security

A new, unpatched flaw in that affects all versions of Firefox could let attackers surreptitiously run malicious code on users' PCs, a security researcher has warned.

The problem lies in the way Firefox handles Web links that are overly long and contain dashes, security researcher Tom Ferris said in an interview via instant messaging late Thursday.

He posted an advisory and a proof of concept to the Full Disclosure security mailing list and to his Security Protocols Web site.

The security vulnerability is a buffer overflow flaw that "allows for an attacker to remotely execute arbitrary code" on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.

Severity:
Critical

Vendor:
Mozilla

Versions Affected:
Firefox Win32 1.0.6 and prior
Firefox Linux 1.0.6 and prior
Firefox 1.5 Beta 1 (Deer Park Alpha 2)

Full Story.

More in Tux Machines

Leftovers: Gaming

today's howtos

Leftovers: Software

Intel Beignet Is Working Out Surprisingly Well For OpenCL On Linux

Beignet is the project out of Intel's Open-Source Technology Center for exposing GPGPU/compute capabilities out of Ivy Bridge hardware and newer when using a fully open-source Linux stack. While Beignet differs greatly from Gallium3D's Clover state tracker, this Intel-specific open-source OpenCL implementation is working out quite well for Ubuntu Linux. While I've been writing about Intel's Beignet project since early 2013, it's probably been about a year now since I tried out the code, which is developed by Intel's OTC graphics team in China. This weekend I tried out Beignet v0.9.2 as trying out the newest Intel OpenCL code has been on my TODO list for a while and it's been working out rather well in my initial tests. Read more