10/3/2006

Mozilla Duped by Hacker’s ‘Humorous’ Presentation

Filed under: — By Aviran Mordo @ 6:28 pm

One of the hackers who demonstrated exploit code for a vulnerability in the way the Firefox browser handles JavaScript admitted today that the presentation last week at a hacker conference was meant to be a joke, according to Mozilla’s chief of security.

Mozilla security researchers spent most of Sunday and Monday scrambling to determine whether exploit code revealed during a presentation by hackers Mischa Spiegelmock and Andrew Wbeelsoi at Toorcon over the weekend could allow someone to execute malicious code through a memory corruption attack on Firefox.

However, Window Snyder, who leads Mozilla’s security team, said Spiegelmock admitted to the company that the presentation was meant to be humorous, and that he and Wbeelsoi had not actually achieved remote execution with the exploit code demonstrated at the show.

“At best, in some cases it will crash only the client,” Snyder said Tuesday. “That’s all we’ve been able to verify at this point.”

Spiegelmock, who works for blogging-software maker Six Apart, confirmed as much in his LiveJournal blog, in which he includes a link to a statement he made that is posted on Snyder’s Mozilla blog.

Source: Yahoo

 

Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress