Flaw found in Firefox

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
