Bug in Firefox 3.5.1 isn't exploitable, Mozilla says

20.07.2009
A bug discovered in the latest version of Firefox is not exploitable, Mozilla said on Sunday, responding to reports of another vulnerability in the browser.

Mozilla released , the latest version of the browser, last Thursday. The release fixed several recently discovered security holes in version 3.5, which came out in June. Among the that were closed was a critical vulnerability that allowed an attacker to install and run code on a PC without any interaction from the victim.

On Friday, began to emerge of a stack-based buffer overflow in Firefox 3.5.1 that could be used to gain access to a computer or launch a distributed denial of service attack. But after examining the reported vulnerability, Mozilla said that's not the case.

"The reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability," wrote Mike Shaver, Mozilla's vice president of engineering, in a on Sunday.

The bug causes Firefox 3.5 and Firefox 3.5.1 to crash on a Windows PC, but does not give an attacker access to the PC, Shaver said, calling the crash "safe and immediate."

The bug can also cause Firefox 3.0 and 3.5 to crash on Apple computers.