Jump to content

Hackers claim zero-day flaw in Firefox

Recommended Posts

SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

Link: -> FireFlaw.... errr... Fox


Cheers from your intrepid webreporter book.gif

Link to comment
Share on other sites

Fortunately, Firefox makes it easy to disable java script: Tools > Options > Content, uncheck "Enable JavaScript". Good idea to do that for sites you don't definitely know are safe, especially since those boneheads publicly released exploit code for this vulnerability.

Or, you could use the NoScript extension, which disables JavaScript, Java, etc, except for sites you choose to allow.

Link to comment
Share on other sites

You might want to update that, turns out it was mostly a hoax. All it was, really, was a script that crashes Firefox - no exploit code. Mozilla Developer News » Blog Archive » Update: Possible Vulnerability Reported at Toorcon

<edit> I found the bug that's been filed about this. Careful, the testcase will cause a crash! https://bugzilla.mozilla.org/show_bug.cgi?id=355069

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...