
Mozilla quickly fixed the just-in-time JavaScript exploit with the recent Firefox 3.5.1. But here is another exploit discovered in 3.5.1, which may also affect other versions. This time, the exploit will lead to system compromise or induce a DoS. The source has explained the exploit really well:
a remote stack-based buffer-overflow, triggered by sending an overly long string of Unicode data to the document.write method. If exploited, the resulting overflow could lead to code execution, or if exploit attempts fail, a denial of service scenario.
The NoScript add-on may not protect users in this case. It seems exploits must be present in any software… We don’t need to be too worried, but we need to be careful when visiting unfamiliar sites.
[via The Tech Herald]



