Issue The URL in the address bar can be spoofed when a new window or tab is opened by a malicious web page. Impact to users If a user visits a page hosting this malicious code, a new window or … Continue reading

In the last few days, there have been several reports (including one via SANS) of a bug in Firefox related to handling of certain very long Unicode strings. While these strings can result in crashes of some versions of Firefox, … Continue reading

Issue A bug discovered last week in Firefox 3.5’s Just-in-time (JIT) JavaScript compiler was disclosed publicly yesterday. It is a critical vulnerability that can be used to execute malicious code. Impact The vulnerability can be exploited by an attacker who … Continue reading

Issue A null pointer dereference in the content layout component of Firefox allows an attacker to crash the browser when a user navigates to a malicious page. Impact If a user browses to a malicious page that takes advantage of … Continue reading

Issue A vulnerability in the way Firefox handles CSS allows an attacker to take advantage of an integer overflow and execute arbitrary code.  In order for the attack to be successful a user must browse to a malicious site.  The … Continue reading

TippingPoint ZDI notified Mozilla of a vulnerability in Firefox that impacts versions 2.x and 3.0.  This issue is currently under investigation.  To protect our users, the details of the issue will remain closed until a patch is made available.  There … Continue reading

As today’s headlines confirm, there is still a lot of confusion about what happened to the Vietnamese language pack, who is impacted, and what that impact really is. First of all, there is no virus in the Vietnamese language pack. … Continue reading

The Vietnamese language pack for Firefox 2 contains inserted code to load remote content.  This code is the result of a virus infection, but does not contain the virus itself.  This usually results in the user seeing unwanted ads, but … Continue reading