Hartnäckige Firefox-Lücke

[pagefault]

Korrektur: Laut Mozilla lässt der Fehler den Firefox zwar abstürzen aber es bestehe keine Möglichkeit für Codeausführung.

Der Fehler ist also zwar extrem lästig, aber nicht wirklich gefährlich.

In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability.

Quelle: http://blog.mozilla.com/security/20...overflow-crash-not-exploitable-cve-2009-2479/

 

[Juerg Schwarz]

Möchte mal wissen, was mich das interessiert als Linux User.

 

[pagefault]

Möchte mal wissen, was mich das interessiert als Linux User.

Vielleicht das hier:

On Linux, the problem is similar to that on Mac: there is an abort in system libraries (pango, glib, libc). Due to the wide variation of Linux libraries and versions deployed, and different compilation options chosen by Linux distributors for Firefox, the details of the crash report may vary between machines.

Quelle: http://blog.mozilla.com/security/20...overflow-crash-not-exploitable-cve-2009-2479/