Flaw found in Firefox

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
