Mozilla investigating new Firefox flaw

Mozilla's security team is busy looking into a new Firefox flaws for which hackers revealed exploit code over the weekend.

Elizabeth Montalbano (IDG News Service)
03 October, 2006 07:53
Comments

The security team at Mozilla is looking into a flaw in its Firefox Web browser that hackers exposed at a conference in San Diego over the weekend.

In a presentation at the ToorCon hacker conference on Saturday, hackers Mischa Spiegelmock and Andrew Wbeelsoi demonstrated exploit code for a vulnerability in the way Firefox handles Javascript.

On Monday, Mozilla said it was busy investigating the flaw, and did not offer any security researchers for comment because, according to spokeswoman Mary Colvig, they were all "heads down" on the problem. The company also said it will patch the flaw if it deems that action necessary.

The vulnerability could allow someone to execute a memory corruption attack on Firefox if a user browsed to a Web site that contained the exploit code, said Ken Dunham, director of the rapid response team at security services company iDefense, a VeriSign company.

"If you were to go to a Web site that contained the exploit code, it would fill up the available memory on the computer," he said. This would create an environment in which an attacker could take over the computer to do something harmful, he added.

Dunham said that iDefense labs tested the exploit code, and it was "unreliable" and crashed the Firefox browser. Because of this, he does not consider the exploit to be a critical threat to Firefox. However, "someone could make some changes to the exploit code and make it more reliable," Dunham said.

He added that there are other, more critical unpatched flaws in both Firefox and Microsoft's Internet Explorer browser that are currently under attack by hackers.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: iDefense, Microsoft, Mozilla, VeriSign

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Case Study: NZ Bus Develops Applications 60% Faster, Improves Database Performance by up to 35%

Key Benefits: Developed applications 60% faster, Created development and test environments in minutes compared to days and weeks previously, Reduced server costs by 30% with server virtualisation, Saved NZ$40,000 in database administrator training costs, Provided high availability features that keep the database and core applications up and running in the event of a server failure, Introduced compression capabilities that improved database performance by 30% to 35%. Read on.

Featured Download

HandBrake

HandBrake is an opensource tool that allows you to backup your DVDs so that you can store and watch them on your computer. Features include: ...

Zones

Most Popular Whitepapers

Three simple steps to better patch security

It’s estimated that 90% of successful attacks against software vulnerabilities could be prevented with an existing patch or configuration setting. Yet patching is a persistent challenge for IT managers. With the glut of patches released each year, how do you know which ones are truly critical security patches and which ones aren’t? And how can you identify which computers are actually missing the patches they need? This paper details a simple approach to patching that gives you better visibility into and control over patch assessment and compliance.

Popular tags: Business Management, Security, Storage, Data Centre, Master Data Management

Latest Jobs

Market Place

Mozilla investigating new Firefox flaw

Comments

Post new comment

Internode, iiNet improve results in customer satisfaction survey

iPhone 5 rumour rollup for the week ending February 10

Which tablet should I buy? iPad 2 vs Sony Tablet S

Customer service still dogs Telstra

iPad 3 rumour rollup for the week of February 7

IPv6 technology guide

SA minister urges change to Facebook ban

Microsoft at a loss over Event Viewer scam

TPG faces customer backlash over slowed net speeds

Exetel's John Linton passes away

NBN Co wholesale pricing too high: Telstra

Case Study: NZ Bus Develops Applications 60% Faster, Improves Database Performance by up to 35%

BI Optimisation: Building a Better Business Case for Business Intelligence

Best Practices for Energy Efficient Storage Operations Version 1.0

Disciplined Agile Delivery: An Introduction

HandBrake

Application Lifecycle Management

HP Converged Storage Zone

EMC Next Generation Backup – Backup & Recovery Solutions

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Three simple steps to better patch security

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Enabling Agile and Intelligent Businesses

Managed Services Strategy Guide

Disaster Recovery Strategy Guide

Computerworld newsletter

Don't have an account?

Mozilla investigating new Firefox flaw

Comments

Post new comment

Computerworld newsletter