10/1/2006

Hackers claim zero-day flaw in Firefox

By Aviran Mordo @ 8:39 am

The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference. The flaw affects Firefox on Windows, Apple Computer’s Mac OS X and Linux, they said.

The flaw is specific to Firefox’s implementation of JavaScript, a 10-year-old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a “complete mess,” he said. “It is impossible to patch.”

The JavaScript issue appears to be a real vulnerability, Window Snyder, Mozilla’s security chief, said after watching a video of the presentation Saturday night. “What they are describing might be a variation on an old attack,” she said. “We’re going to do some investigating.”

Source: News.com

 
