
Flaw found in Firefox


Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
