Tag Archives: bug 485217

Firefox Vulnerability

Security Focus has published a vulnerability found on Firefox (all releases and platforms) causing a serious security flaw. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious file using the affected browser.

Exploit code at the link iframes a little xml file with an xslt transform that causes a crash reliably on 3.0 branch and trunk (and presumably 1.9.1, didn’t test). Null, but it’s being called, assuming the worst for the moment.  – extracted

Mozilla developers have already worked out  a fix which will be added to Firefox 3.0.8 which is due next week.

Technorati Tags: , , ,