Mozilla Patches New Firefox Flaw
28 Comments
Mozilla developers acted fast to patch a new security vulnerability in Firefox, which slipped its way into the first beta build of Firefox 1.5 and exists in earlier versions as well. However, the patch simply disables the buggy feature while a permenant fix is worked out.
The vulnerability relates to Firefox's handling of IDN, or international domain names, and can be exploited by long Web links that contain dashes. The flaw causes a buffer overflow and opens the door for malicious code to be run on a PC. No code to exploit the problem has surfaced, but Mozilla developers say they are taking it seriously.