New vulnerability reported in Firefox 3.5.1, Mozilla's TraceMonkey fix release
Early on Friday, Mozilla released Firefox 3.5.1, the first point update of the 3.5 series, to address a security vulnerability in the browser's new TraceMonkey JavaScript engine, a hybrid of the SpiderMonkey interpreter and a tracing Just-in-Time (JIT) compiler.
However, even with that fix to the JIT compiler in place, fresh reports describe another vulnerability that affects Firefox 3.5.1 and which, according to security experts, may affect other Firefox versions as well.
A report from the SANS Internet Storm Center, followed by an IBM ISS X-Force alert, confirmed that the vulnerability, reported to SecurityFocus as BID 35707 on July 15, is present in Firefox 3.5.1.
Security researchers such as Simon Berry-Byrne have demonstrated how a malicious web page could use heap spraying to exploit the vulnerability and execute arbitrary code. Mozilla, however, maintains that its internal testing found the bug not to be exploitable. The disagreement is over whether the crash gives an attacker control of execution: a reproducible crash is a denial of service, and only a demonstrated control-flow hijack would make it a code-execution bug.
Mike Shaver, Mozilla's VP of engineering, said: "In the last few days, there have been several reports of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability."