Mozilla Firefox versions 3.5 and 3.5.1 contain a vulnerability that could allow an unauthenticated, remote attacker to cause the affected software to crash.
The vulnerability is due to a lack of bounds checking when the application handles Unicode characters. An unauthenticated, remote attacker could exploit this vulnerability by creating a malicious web page that contains crafted Unicode characters. By convincing a user to visit the page, the attacker could cause a stack-based buffer overflow that is not exploitable for code execution. An exploit could cause the application to crash.
Exploit code is publicly available which can crash the affected browser.
Mozilla has confirmed this vulnerability; however, software updates are not available.