Yet another 'critical' Firefox flaw

Less than 24 hours before the scheduled release of Firefox 2.0.0.2 as a high-priority browser refresh, a new "critical" vulnerability has been reported by Polish hacker Michal Zalewski.

Zalewski, who appears to be running an unofficial MOFFB (month of Firefox bugs) project, released a demo of a memory corruption issue that crashes the browser and puts users at risk of PC takeover attacks.

"Firefox is susceptible to a pretty nasty, and apparently easily exploitable memory corruption vulnerability. When a location transition occurs and the structure of a document is modified from within onUnload event handler, freed memory structures are left in inconsistent state, possibly leading to a remote compromise," Zalewski warned.

Mozilla's security team is tracking the issue.

Zalewski's ongoing browser research has also uncovered a "quite nasty" flaw in Microsoft's Internet Explorer 7.

He described the IE 7 issue as a "combination-type vulnerability" that allows the attacker to:

a) Trap the visitor in a Matrix-esque tarpit webpage that cannot be left by normal means (this is a known brain-damaged design of onUnload Javascript handlers),

b) Spoof transitions between pages so that the user thinks he actually managed to leave the affected site, and so that the URL bar displays other addresses we didn't actually go to.

"This opens a plethora of spoofing/phishing scenarios," Zalewski warned. A demonstration page is available for testing purposes.

So far this month, Zalewski's demos have included focus bugs, a location.hostname issue (critical), a blank bug, a bookmark issue and today's unload and trap flaws.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
