Language Selection

English French German Italian Portuguese Spanish

Flaw found in Firefox

Filed under

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.


More in Tux Machines

Red Hat News

IBM releases Power-based Linux servers with Nvidia GPUs

The Power Systems LC line was introduced by Dr Stefanie Chiras, director and business line executive of IBM scale-out Power Systems, as part of her keynote on the subject of 'waitless computing'. IBM, as a patron of the OpenPower Foundation, has been a staunch supporter of Linux and OpenStack, and this represents a logical step for the company, as it has been building its Power line following the sale of its x86 server business to Lenovo in 2014. Read more

What Are Linux Meta-packages?

I was recently in a discussion about meta-packages, and realized many users don’t know what they are or what they do. So, let’s see if we can clear-up the mystery. Meta-packages in a nutshell A ‘meta-package’ is a convenient way to bulk-install groups of applications, their libraries and documentation. Many Linux distributions use them for a variety of purposes, from seeding disk images that will go on to become new releases, to creating software “bundles” that are easy for a user to install. A meta-package rarely contains anything other than a changelog and perhaps copyright information, it contains no applications or libraries within itself. The way they work is by having a list of “dependencies” that the package manager reads. The package manager then goes to the repositories to find the dependencies and installs them. (Read the rest at Freedom Penguin)

Antenna recommendation

Astros vs Yankees Live Streaming