Hackers claim zero-day flaw in Firefox

Discussion in 'Mac Apps and Mac App Store' started by hagjohn, Oct 1, 2006.

  1. hagjohn macrumors 6502

    hagjohn

    Joined:
    Aug 27, 2006
    Location:
    Pennsylvania
    #1
    Hackers claim zero-day flaw in Firefox
    By Joris Evers
    Staff Writer, CNET News.com
    Published: September 30, 2006, 10:57 PM PDT


    SAN DIEGO, Calif.--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

    An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

    "Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

    The flaw is specific to Firefox's implementation of JavaScript, a 10-year old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."

    Read rest of article at news.com

    Source: News.com
     
  2. gauchogolfer macrumors 603

    gauchogolfer

    Joined:
    Jan 28, 2005
    Location:
    American Riviera

Share This Page