Another critical hole within the week - does NS protect?

General discussion about the NoScript extension for Firefox
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Another critical hole within the week - does NS protect?

Post by luntrus »

Hi users of the NoScript extension and forum friends,

After a serious hole was patched with Firefox 3.5.1, yet another serious hole has been found within a week's time, which apparently still exists in 3.5.1. The "Unicode Data Remote Stack buffer overflow" was reported July 15th, see the PoC here: http://downloads.securityfocus.com/vuln ... 35707.html
According to the Internet Storm Center, Fx 3.5.1 is (still) also vulnerable. The exploit is a remote stack-based buffer-overflow vulnerability that can make the browser crash or enable remote code execution, so successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. Is NoScript again protecting us against this one?

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Iron/3.0.189.0 Safari/531.0
Giorgio Maone
Site Admin
Posts: 9454
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Another critical hole within the week - does NS protect?

Post by Giorgio Maone »

Yes it does, as long as you don't whitelist the malicious code as trusted.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 (.NET CLR 3.5.30729)
luntrus
Senior Member
Posts: 237
Joined: Sat Mar 21, 2009 6:29 pm

Re: Another critical hole within the week - does NS protect?

Post by luntrus »

Hi Giorgio Maone,

I really did not expect another answer. This again demonstrates that NoScript is an extension that protects users against old and new exploits, and even against vulnerabilities that still have to be dreamt up and lie somewhere in the near and distant future. I as a user of this extension - and I think a lot of users here agree - consider NS a revolutionary security concept, so much so that I fear to use any browser that has not got this extension on board.

luntrus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/531.0 (KHTML, like Gecko) Iron/3.0.189.0 Safari/531.0
therube
Ambassador
Posts: 7929
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Another critical hole within the week - does NS protect?

Post by therube »

2nd-hole-found-in-Firefox-35-unicode-Remote-buff-Overflow - Mozilla Firefox 3.5 Unicode Data Remote Stack Buffer Overflow Vulnerability

Oh, & for whatever reason, I'm not able to make the "code" from the link you posted act like "html".
When I save, then try to load it, it loads as if it were text?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090716 SeaMonkey/2.0b1pre
Alan Baxter
Ambassador
Posts: 1586
Joined: Fri Mar 20, 2009 4:47 am
Location: Colorado, USA

Re: Another critical hole within the week - does NS protect?

Post by Alan Baxter »

Mozilla has determined the problem isn't exploitable. The authorities have been notified so they can update their advisories to something less alarming.
http://blog.mozilla.com/security/2009/0 ... 2009-2479/
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1
therube
Ambassador
Posts: 7929
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Another critical hole within the week - does NS protect?

Post by therube »

Perhaps not "exploitable", but if it results in a type of "DoS", or a crash, then in that respect ...

So it's not an exploit. But the end result to the end user, while perhaps not as severe as an exploit, is still unwanted. (Though I'm sure "exploits" like this are far more common than one might imagine.)

(I suppose Session Restore helps to mitigate things. But then that also kind of relies on having NoScript installed & blocking the site hosting the exploit at the time of the restore.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.1pre) Gecko/20090716 SeaMonkey/2.0b1pre
therube
Ambassador
Posts: 7929
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: Another critical hole within the week - does NS protect?

Post by therube »

Here is the Bug 504342 - Investigate milw0rm 9158 "unicode stack overflow".

(Though I'm sure "exploits" like this are far more common than one might imagine.)
Here's another (though fixed in current versions of Mozilla), Memory-hogging bug offers universal browser crash exploit. This exploit/dos/crasher/hole/... they say has existed 9 years now.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22) Gecko/20090605 SeaMonkey/1.1.17