Seems like F-Secure has found an issue with Firefox 1.5 for OS X and it’s saying that the security hole is big and bad. Well the open source browser has responded and negated F-Secure’s claim by stating:

We have investigated this issue and can find no basis for claims that variants of this denial-of-service attack can cause an exploitable crash, and no evidence for this claim has been offered. There does not appear to be any risk to users or their computers beyond the temporary unresponsiveness at startup.

Now SANS has got a full write up on this security issue that may put this whole thing into a ping-pong match. The issue is well defined as is a work around. It’s highly advised you read this article in full if you use Firefox 1.5 on OS X. Better safe then sorry, aye?

Tags: firefox, vulnerability, security, sans, f-secure, 1.5