New Browser Flaw Out
A browser flaw that affects Mozilla Browser, Mozilla Firefox, Opera, and Apple Safari has been discovered. It causes them to crash and could potentially form the basis of an exploit that would affect virtually all major browsers.
Source: Internet News
The bug has been called the Infinite Array Sort Denial Of Service Vulnerability. It makes the affected browsers execute an infinite JavaScript array sort. That operation in turn is effectively a DoS on the browser in question, which crashes once stack memory is exhausted.
At present there are no confirmed exploits in the wild that expand the vulnerability to execute malicious code, though that may only be a matter of time.
Independent security researcher Berend-Jan Wever is credited with discovering the flaw. Though the flaw was just disclosed on security mailing lists, Wever has been aware of it for some time and, like many researchers, had begun his efforts with a focus on IE.
Comments
I hit a page that spawned a bunch of weird **** and everything stopped.
When I reopened it it forced me to create a new profile, and I had to rebuild my bookmarks.
I have run spyware and virus scans. Nothing.
With IE it would have taken a couple of hours to clean up the mess.
Opera also makes you pay to remove the ads, doesn't it? It seems like that's another reason for it to remain "obscure".
Make sure you have version 1.0 final of Firefox; some loopholes were closed in the final release of 1.0 that existed before it was finalized. I would expect a newer version, though....
BTW, if you are running XP SP2, you might look at KB887742 (you can use number alone or the KB887742 to search for it), and note that MS has revised the HTTP API in XP to try to close yet another hole and fix a couple compatibility things in one fell swoop. Firefox 1.0 DOES run fine with the patch referenced in that KB in place (Yes, it's a November 2004 patch, issued out of regular security patch cycle also-- it was not ready at normal monthly cycle time, they thought it too important to hold for December patch release cycle.).
This patch does have effects on other programs than IE, as IE is tightly integrated into XP-- it affects things that use HTTP for various things also, even a bunch that are not browsers. Firefox runs smoother with the patch in place here, so does my AV, Peachtree, Help and Support Center in XP, QuickVerse 8.0 Deluxe and its help function, and a couple other programs load faster, while others have not changed behavior at all.
Your download for this patch WILL vary in patch number from the KB number, and not only XP is affected with the problem addressed by this patch. I confirmed patch was valid and that patch number was supposed to vary and was NOT a spoofed patch before installing it, in several ways. You can call it a hotfix also, if you want, and it can apply to some Microsoft server installs also. See if one or both of those things helps, ok???