p2pnet - rss feed: Firefox security flaw
p2pnet.net News:- Secunia has found a “Moderately critical’ hole in Firefox, which can be opened by hackers to get, “potentially sensitive information”.
It’s caused by an error in the JavaScript engine, as a “lambda” replace exposes arbitrary amounts of heap memory after the end of a JavaScript string, says the company, adding that successful exploitation, “may disclose sensitive information in memory”.
If you’re a Firefox user, go here to see whether or not you’re affected.
If you are and you’re concerned, until Firefox gets on it, Secunia suggests you disable JavaScript support.
Something you think we should know? tips[at]p2pnet.net
See:-
Secunia - Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability, April 4, 2005
April 6th, 2005 at 2:40 am
Arrrrrrg!
It applies to mozilla too.
Now to wait for the patch and to patch all computers affected…
April 6th, 2005 at 7:54 am
And thats just a browser. Imagine millions upon millions of intricate Operating System code. Anything popular will be scrutinized, and sooner or later people will be coding exploits for it. Stop beating on Microsoft.
April 6th, 2005 at 1:38 pm
Now imagine all the professional virus and spyware authors out there with specialized tools stepping through object code finding exploits. Microsoft’s product are closed source, and yet faults are continually found.
What open source does is allow everyone even those who do not have the professional tools available to discover bugs in the software and let everyone know aboyut them.
Security tip: If you use Firefox or any other Mozilla based product to amke business, close the browser and open a new one if visiting a questionable website to prevent information disclosure or else turn off Java Script. One feature I like about Konqueror is that you can block javascript for specific websites. That sounds like a good feature that Firefox should incorporate.