Another denial-of-service bug found in Firefox 2

By Joris Evers
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Another IE 7 pop-up problem discovered
October 30, 2006; Spoofing bug found in IE 7
October 25, 2006; Minor issues surface after IE 7 launch
October 19, 2006; Microsoft hopes 7 is lucky number for IE
October 18, 2006

A second security flaw that could cause the new Firefox 2 browser to crash has been publicly disclosed.

The vulnerability lies in the way the open-source browser handles JavaScript code. Viewing a rigged Web page will cause the browser to exit, a representative for Mozilla, the publisher of the software, said Wednesday. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2, the representative said.

This flaw in the JavaScript Range object is different from the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week. That bug is related to a more serious security hole, which was fixed in earlier versions of Firefox, the organization has said.

The two "crashers" are the only publicly released vulnerabilities that have been confirmed by Mozilla in the week since Firefox 2 was launched. The issues are only minor, the organization has said.

By contrast, Microsoft's Internet Explorer 7 update suffers from a spoofing flaw, discovered a week after Microsoft released IE 7 on Oct. 18. The vulnerability could help crooks mask phishing scams, the type of attack Microsoft designed the browser to thwart.

According to Secunia, a security monitoring company, there are at least two other vulnerabilities in IE 7. Microsoft has disputed these issues, saying that one reported problem lies in Outlook Express, not IE 7, and the other is a part of the product design, not a flaw.

Release of the new Web browsers set off a race among bug hunters to come up with the first security hole in either program. So far, though, none of the reported flaws could be exploited to hijack a PC running the browser, the most serious type of vulnerability.

See more CNET content tagged:
Firefox 2.0, denial of service, Microsoft Internet Explorer 7, Firefox, vulnerability

Latest tech news headlines

IDC says netbook shipments up, expects constrained IT budgets
Posted in News - Business Tech by Erica Ogg

October 15, 2008 2:09 PM PDT
Automattic acquires PollDaddy
Posted in Webware by Rafe Needleman

October 15, 2008 1:57 PM PDT
eBay issues gloomy forecast as tech stocks tank again
Posted in News - Digital Media by Greg Sandoval

October 15, 2008 1:51 PM PDT
See all headlines

Resource center from CNET News sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IDC says netbook shipments up, expects constrained IT budgets
Economic turmoil drives lowered consumer and professional spending on PCs, but makes cheaper netbooks more attractive.
Gallery
Photos: Solar business heats up the Golden State
The Open Road
Open source for president? Get real
We're voting for a president, not a software preference. There are bigger issues in front of the U.S. president than whether the government adopts open source.
Beyond Binary
Windows 7 equals some strange math
Although Windows 7 was also the product's code name, the forthcoming version of Windows is not Microsoft's seventh iteration, and it won't carry the version number 7.0.
Video
Apple laptop redesigns and a lower price
News - Digital Media
eBay issues gloomy forecast as tech stocks tank again
Web auctioneer says 4th quarter profit could be as low as 25 cents. The company earned 39 cents during the same quarter last year.
Video
Apple's latest MacBook Pro
News - Politics and Law
'New York Times' widget tracks campaign donations
The New York Times' new online tool allows users to analyze campaign donation figures from the Federal Election Commission.
News - Cutting Edge
'60 Minutes' video: Drone warfare in Iraq
UAVs like the Predator are a highly valued asset for the U.S. military as it pursues "fleeting and perishable" targets. Lesley Stahl reports.
Gallery
Photos: 'Popular Mechanics' breakthroughs
Webware
Automattic acquires PollDaddy
Polling function now embedded on Wordpress.com; other platforms still supported.
Green Tech
Tesla Motors replaces CEO, plans layoff
Elon Musk, company investor and chairman, will take over as CEO, replacing Ze'ev Drori, who will join the board. Layoffs are also planned as part of a corporate review.