Critical Firefox Flaw Accidentally Fixed

 
 
By Lisa Vaas  |  Posted 2007-02-26 Email Print this article Print
 
 
 
 
 
 
 

After a flurry of "yes it's fixed" and "oh no it's not" between bug researchers over the weekend, the verdict is that Firefox 2.0.0.2 did indeed fix the memory corruption flaw found by Polish hacker Michal Zalewski on Feb. 23.

Zalewski posted his version of the story that took place behind the fix—a story that contains an inadvertent solution that he calls "kinda funny."

"I reported the problem a day before 2.0.0.2 was to be released. Mozilla dev team looked into this, but—if I understand correctly—decided to go on with 2.0.0.2 as planned, without a fix for this vuln, then follow up with a quick release of 2.0.0.3 to address the problem. This seemed like a sane decision—2.0.0.2 had been postponed previously, so there seemed to be no point in holding back.

"When 2.0.0.2 went live, some devs noticed that it doesn't crash with my testcase, though it still crashes trunk builds. After a brief moment of confusion, they determined that a fix for an unrelated, obscure non-security bug 364692 had altered the behavior this vulnerability depended on, accidentally rendering 2.0.0.2 not vulnerable to the attack."

The bug was then fixed on trunk. Zalewski said he hasn't examined the changes done for flaw 364692 but that his browser is no longer crashing using his memory corruption bug example.

To get the latest version of Firefox, go to getfirefox.com.

 
 
 
 
del.icio.us | digg.com
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel