Language Selection

English French German Italian Portuguese Spanish

Flaw found in Firefox

Filed under
Security

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

Source

More in Tux Machines

Contributing to open source software with Ian Varley of Salesforce

With open source, you're expanding the sphere of people who might potentially care a lot about your code. You find others who have similar problems, and who can leverage your work and maybe even extend it. The knowledge that you've helped someone avoid "rebuilding the wheel" is really gratifying, and it's amplified when those people actually start getting so involved that they give you contributions of code or ideas. The project picks up steam, and you might even get unforeseen help tackling those issues you didn't have bandwidth to tackle yourself. Really, it's the gift that keeps on giving. Read more

IPFire 2.19 Core Update 101 Patches Cross-Site-Scripting Vulnerability in Web UI

The development team behind the IPFire software have announced the general availability of the Core Update 101 of the IPFire 2.19 Linux kernel-based firewall distribution. Read more

pfSense 2.3 Open-Source BSD Firewall Gets Patch That Fixes NTP Security Issues

pfSense developer Chris Buechler announced the availability of a small update for the stable pfSense 2.3 open-source firewall platform based on the FreeBSD operating system. Read more

today's leftovers