By John Leyden, 9th September 2005 15:43

Firefox blighted by unpatched bug

IE-style security flap hits alternative browser

Security researchers have discovered an unpatched vulnerability in Firefox that might be used to crash vulnerable systems. Hackers might also use the security bug to trick surfers into running malicious code simply by fooling them into visiting a maliciously constructed website.

This is a class of problem well known to IE users but it will come as a nasty shock to users of the alternative browser, which has been seen as something of a safe haven from hacker attack even though this assumption has come under question over recent months.

The vulnerability, discovered by Tom Ferris of Security Protocols, applies to Firefox version 1.0.6. Previous versions may also be affected but this has yet to be confirmed. The security bug stems from an error in handling a URL that contains the 0xAD character in its domain name, giving rise to possible heap-based buffer overflow attacks.

Security notification service Secunia describes the vulnerability as "highly critical". It advises users not to browse untrusted websites as a precaution. This isn't exactly the easiest precaution to stick to, though it's the only one on offer just now pending a more comprehensive workaround from the Mozilla Foundation. ®
