Second Firefox 2 bug discovered
Published: 02 Nov 2006 10:50 GMT
A second security flaw that could cause the new Firefox 2 browser to crash has been publicly disclosed.
The vulnerability lies in the way the open-source browser handles JavaScript code. Viewing a rigged web page will cause the browser to exit, a representative for Mozilla, the publisher of the software, said on Wednesday. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2, the representative said.
This flaw in the JavaScript Range object is different from the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week. That bug is related to a more serious security hole, which was fixed in earlier versions of Firefox, the organisation has said.
The two "crashers" are the only publicly released vulnerabilities that have been confirmed by Mozilla in the week since Firefox 2 was launched. The issues are only minor, the organisation has said.
By contrast, Microsoft's Internet Explorer 7 update suffers from a spoofing flaw, discovered a week after Microsoft released IE7 on 18 October. The vulnerability could help crooks mask phishing scams, the type of attack Microsoft designed the browser to thwart.
According to Secunia, a security monitoring company, there are at least two other vulnerabilities in IE7. Microsoft has disputed these issues, saying that one reported problem lies in Outlook Express, not IE7, and the other is a part of the product design, not a flaw.
Release of the new web browsers set off a race among bug hunters to come up with the first security hole in either program. So far, though, none of the reported flaws could be exploited to hijack a PC running the browser, the most serious type of vulnerability.
Did you find this article useful?
500 out of 584 people found this useful
- Share this article:
