Flaw found in Firefox 2.0

Attackers could exploit the security flaw to crash versions and 2.0 of the browser, according to various security advisories.

A week after its release, vulnerability researchers are already reporting a flaw in Firefox 2.0 attackers could potentially exploit to cause a denial of service.

The United States Computer Emergency Readiness Team (US-CERT) released an advisory on the flaw Tuesday, saying Firefox and 2.0 "allows remote attackers to cause a denial of service by creating a range object using createRange, calling selectNode on a DocType node, then calling createContextualFragment on the range, which triggers a null dereference."

The Bethesda, Md.-based SANS Internet Storm Center (ISC) also warned of the flaw on its Web site. Original reports indicated attackers could exploit the flaw to cause a buffer overflow and launch malicious code, the ISC noted. But as of Tuesday, that could not be verified. The potential for a denial of service has been confirmed, however.

"This exploit will occur when a specifically crafted Web page tries to create a range object with 'createRange,'" the ISC said. "So far it will only make the browser crash. If new information is made available, we will post updates."

Mozilla released Firefox 2.0 last week, nearly a year after making the last big upgrade. New features warn users of phishing Web sites, offer suggestions regarding frequently used search terms and corrects spelling mistakes.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Operating systems software



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...