Language Selection

English French German Italian Portuguese Spanish

Flaw found in Firefox

Filed under

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.


More in Tux Machines

Today and Yesterday in Techrights

Plasma 5.8.2, Applications 16.08.2 and Frameworks 5.27.0 available in Chakra

The latest updates for KDE's Plasma, Applications and Frameworks series are now available to all Chakra users. The Plasma 5.8.2 release provides additional bugfixes to the many new features and changes that were introduced in 5.8.0 aimed at enhancing users' experience: Read more

Yocto driven camera design taps octa-core Snapdragon

Qualcomm and Thundercomm unveiled a Linux-supported, 4K camera reference design with an octa-core Snapdragon 625 and video analytics software. Qualcomm and hardware partner Thundercomm Technology announced an IP Connected Camera reference design called the Snapdragon 625 IP Camera built around its 14nm-fabricated, octa-core Cortex-A53 Snapdragon 625 system-on-chip. This is Qualcomm’s first Connected Camera design to support Linux instead of Android. Read more