‘Critical’ Firefox security flaw
p2pnet.net News:- Firefox is critically flawed because of its JavaScript implementation, say hackers Mischa Speigelmock and Andrew Wbeelsoi.
It looks as though Speigelmock and Wbeelsoi “had enough information in their slide for an attacker to reproduce it,” said Mozilla security chief Window Snyder, quoted by Silicon.com.
“I think it is unfortunate because it puts users at risk but that seems to be their goal.”
Revealing the shocker at this year’s San Diego ToorCon hacker convention, the two “detailed the flaw in a slide containing key parts of the attack code needed to exploit Firefox and the computer running the browser,” says Bit-Tech, continuing:
“Various JavaScript tricks can be used to cause a stack overflow error on the host system, regardless of what OS the computer is running. Speigelmock later went on to say that the browser’s JavaScript implementation is a ‘complete mess’ and ‘impossible to patch’.”
Snyder admitted the vulnerability appears to be real, stating, “What they are describing might be a variation on an old attack. We’re going to do some investigating,” says Silicon.com.
However, “the presentation probably gives Mozilla enough data to fix the apparent flaw, Snyder said,” according to ZDNet News, although she stated that addressing it might be tougher than the average patch. “If it is in the JavaScript virtual machine, it is not going to be a quick fix,” Snyder said.
Also See:
Silicon.com – “Impossible to patch”: Hackers unearth Firefox hole, October 2, 2006
Bit-Tech – Firefox is critically flawed, October 2, 2006
ZDNet News – Hackers claim zero-day flaw in Firefox, September 30, 2006