Jump to content
Sign in to follow this  
SenutyEnool

Hackers claim zero-day flaw in Firefox

Recommended Posts

SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

Link: -> FireFlaw.... errr... Fox

__________________________

Cheers from your intrepid webreporter book.gif

Share this post


Link to post
Share on other sites

Fortunately, Firefox makes it easy to disable java script: Tools > Options > Content, uncheck "Enable JavaScript". Good idea to do that for sites you don't definitely know are safe, especially since those boneheads publicly released exploit code for this vulnerability.

Or, you could use the NoScript extension, which disables JavaScript, Java, etc, except for sites you choose to allow.

Share this post


Link to post
Share on other sites

You might want to update that, turns out it was mostly a hoax. All it was, really, was a script that crashes Firefox - no exploit code. Mozilla Developer News » Blog Archive » Update: Possible Vulnerability Reported at Toorcon

<edit> I found the bug that's been filed about this. Careful, the testcase will cause a crash! https://bugzilla.mozilla.org/show_bug.cgi?id=355069

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×