November 1, 2006 12:52 PM PST

Another denial-of-service bug found in Firefox 2

A second security flaw that could cause the new Firefox 2 browser to crash has been publicly disclosed.

The vulnerability lies in the way the open-source browser handles JavaScript code. Viewing a rigged Web page will cause the browser to exit, a representative for Mozilla, the publisher of the software, said Wednesday. Contrary to claims on security mailing lists, the bug cannot be exploited to run arbitrary code on a PC running Firefox 2, the representative said.

This flaw in the JavaScript Range object is different from the denial-of-service vulnerability in Firefox 2 that was confirmed by Mozilla last week. That bug is related to a more serious security hole, which was fixed in earlier versions of Firefox, the organization has said.

The two "crashers" are the only publicly released vulnerabilities that have been confirmed by Mozilla in the week since Firefox 2 was launched. The issues are only minor, the organization has said.

By contrast, Microsoft's Internet Explorer 7 update suffers from a spoofing flaw, discovered a week after Microsoft released IE 7 on Oct. 18. The vulnerability could help crooks mask phishing scams, the type of attack Microsoft designed the browser to thwart.

According to Secunia, a security monitoring company, there are at least two other vulnerabilities in IE 7. Microsoft has disputed these issues, saying that one reported problem lies in Outlook Express, not IE 7, and the other is a part of the product design, not a flaw.

Release of the new Web browsers set off a race among bug hunters to come up with the first security hole in either program. So far, though, none of the reported flaws could be exploited to hijack a PC running the browser, the most serious type of vulnerability.
