Flaw found in Firefox

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
