MozillaZine

Mozilla Firefox 2 Release Candidate 1 Available for Testing

Wednesday September 27th, 2006

Mozilla Firefox 2 Release Candidate 1 is now available for download. This preview of the next version of Firefox browser is aimed at Web Application Developers, testers and early adopters.

For more information, refer to the Release Notes.


#80 Vulnerabilities and Suggestion

by Lusfox

Thursday October 26th, 2006 12:09 AM

You are replying to this message

This flaw reported by Mozilla <http://www.mozilla.org/se…nce/2006/mfsa2006-59.html> is still unfixed in the latest Firefox 2.0 final.

This exploit works in Firefox 2.0 Final: <http://lcamtuf.coredump.cx/ffoxdie.html>

"Jonathan Watt and Michal Zalewski independently reported timing dependent testcases that trigger crashes at the same place during text display. We have seen no demonstration that these crashes could be reliably exploited, but they do show evidence of memory corruption so we presume they could be. Note: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from enabling JavaScript in mail."

by SecurityFocus

__________________

Suggestion:

The Firefox could load extensions in real time without needing to close and to come back to open and did not have to allow to the extensions crash.