Another Denial of Service Bug Found in Firefox 2
An anonymous reader writes "A second security flaw that could cause the new Firefox 2 browser to crash
has been publicly disclosed.
The vulnerability lies in the way the open-source browser handles
JavaScript code. Viewing a rigged Web page will cause the browser to exit,
a representative for Mozilla, the publisher of the software, said
Wednesday. Contrary to claims on security mailing lists, the bug cannot be
exploited to run arbitrary code on a PC running Firefox 2, the
representative said.
This flaw in the JavaScript Range object is different than the
denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla
last week. That bug is related to a more serious security hole, which was
fixed in earlier versions of Firefox, the organization has said.
The two 'crashers' are the only publicly released vulnerabilities that
have been confirmed by Mozilla in the week since Firefox 2 was launched.
The issues are only minor, the organization has said."
Old times (Score:5, Insightful)
We present "DOS reloaded"!
Re:LOL IE Users! (Score:4, Insightful)
Re:Old times (Score:5, Insightful)
Not necessarily. Application-crashing bugs are Denial of Service bugs if they can be triggered remotely.
There's a fundamental difference between "I can make my copy of Firefox crash" and "I can make your copy of Firefox crash".
Re:Old times (Score:4, Insightful)
Crash bugs in client software such as web browsers are "crashes", not "DoS vulnerabilities".
Re:So funny (Score:3, Insightful)
Personally I think the comments you are referring to come from a number of different factors
As for your issues with it crashing, I think that is a bit personal/related to your system? Come on! You swapped to a completely different browser after little over a week of use? I personally run Firefox 2 on OS X, Windows XP/2000 and Linux (FC4, RHEL4u3) and have had no problems on any platform, but maybe that is just me.
Comment removed (Score:3, Insightful)
Re:LOL IE Users! (Score:3, Insightful)
Of course. Remember that many of the PC hobbyists on this site predate the general acceptance of the FOSS movement, and that many of us remember Microsoft from their DOS and Win 3.1 days as well as their more recent attempts at world domination.
After 20 years of dealing with that company, one tends to develop well-entrenched opinions about the quality of their software and the ethics (or lack thereof) behind Microsoft's business practices.