
Flaw found in Firefox

Filed under
Security

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
