There are conflicting reports as to whether a flaw in a new version of Firefox is exploitable or not.

Firefox 3.5.1, published only last week in rapid response to an unpatched vulnerability discovered days earlier, is itself vulnerable to a bug involving the handling of very long Unicode strings.

However, Mozilla published an advisory on Sunday stating the unpatched flaw only poses a minimal cross-platform browser crash risk.

"While these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug," Mozilla said. "Our analysis indicates that it is not, and we have seen no example of exploitability." ®

Related stories

• Mozilla Store shuttered after vendor security breach (5 August 2009)
• Firefox laggards offered security update (22 July 2009)
• Firefox 3.7 swivels glassy eye (22 July 2009)
• Firefox update fixes zero-day JavaScript flaw (17 July 2009)
• Zero-day fixes star in MS Patch Tuesday (15 July 2009)
• Updated Unpatched Firefox flaw lets fox into henhouse (14 July 2009)
• Second unpatched ActiveX bug hits IE (14 July 2009)
• Mozilla Labs issues 'major' Ubiquity upgrade (9 July 2009)
• Firefox 3.5 patch coming soon as Mozilla cranks up downloads (3 July 2009)
• Review Firefox 3.5 - it's not a 'web upgrade' (30 June 2009)
• Mozilla's servers wobble as Firefox 3.5 hits interwebs (30 June 2009)
• Chrome update completes busy browser patch week (12 June 2009)
• Firefox update squashes 9 security bugs, 4 critical (12 June 2009)
• Firefox users flip out over sneak MS add-on (1 June 2009)
• Patches bring zero-day relief from PDF and PowerPoint flaws (13 May 2009)