Foxit outfoxes fiendish flaw to fix foxed-up Firefox PDF plugin
Buffer-boundary bashing bug blatted
Foxit Software has fixed a critical security hole in its PDF plugin for web browsers.
A bug in the code allowed overly long URLs in web links to crash the utility - billed as a "better" alternative to Adobe's software - or potentially inject malicious code into vulnerable Windows systems. The stack-based buffer overflow flaw is present in versions 5.4.4 and earlier of the software.
Users of the PDF-viewing plugin are advised to update to version 5.4.5 as explained in an advisory by Foxit. The company credits Danish security notification firm Secunia and Core Security Technologies for finding and confirming the issue in the Firefox build of the software, respectively. ®