Firefox Remote Attacker Vulnerability Reported
SecurityTracker has reported, at http://securitytracker.com/alerts/2006/Aug/1015981.html, a vulnerability in the increasingly popular Firefox browser which could allow a remote attacker to run arbitrary code.
A remote user could create HTML code which, when loaded by the victim's browser, would cause a buffer overflow with the possibility of crashing the browser or even remotely running code on the affected system.
The problem lies in js320.dll and xpcom_core.dll, because the browser does not correctly handle JavaScript code involving the iframe.contentWindow.focus() function.
A demo exploit for this vulnerability has been published, which means real-world exploits are not far behind.