Hi malware fighters,
After a serious hole was being patched with Firefox 3.5.1 and yet another serious hole has been found up within a week’s time, that apparently still exists in 3.5.1. The “Unicode Data Remote Stack buffer overflow” was reported July 15th, see the POC here: http://downloads.securityfocus.com/vulnerabilities/exploits/35707.html
According to the Internet Storm Center Fx 3.5.1. is also vulnerable. The exploit, it is remote stack-based buffer-overflow vulnerability that can make the browser crash or enable remote code execution, so successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions,
The NoScript extension for Firefox protects against this, as long as you don’t whitelist the malicious code as trusted,
polonus