It could be hard to believe, but after the recent release of Firefox 3.5.1 update, a new security flaw that allows remote code execution through JavaScript code was discovered. A proof of concept for the exploit code was also made public and it works, because Mozilla Firefox browser is still vulnerable to a stack-based buffer overflow. The attacker could generate the buffer overflow by sending long Unicode strings to the document.write method and in this way is possible the remote code execution to compromise an operating system or a DOS (Denial Of Service) attack.
Read More