SenutyEnool Posted October 2, 2006 Share Posted October 2, 2006 SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said. "Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it. Link: -> FireFlaw.... errr... Fox __________________________ Cheers from your intrepid webreporter Quote Link to comment Share on other sites More sharing options...
greenknight Posted October 2, 2006 Share Posted October 2, 2006 Fortunately, Firefox makes it easy to disable java script: Tools > Options > Content, uncheck "Enable JavaScript". Good idea to do that for sites you don't definitely know are safe, especially since those boneheads publicly released exploit code for this vulnerability. Or, you could use the NoScript extension, which disables JavaScript, Java, etc, except for sites you choose to allow. Quote Link to comment Share on other sites More sharing options...
Administrator Tarun Posted October 2, 2006 Administrator Share Posted October 2, 2006 Added to frontpage. Quote Link to comment Share on other sites More sharing options...
greenknight Posted October 3, 2006 Share Posted October 3, 2006 You might want to update that, turns out it was mostly a hoax. All it was, really, was a script that crashes Firefox - no exploit code. Mozilla Developer News » Blog Archive » Update: Possible Vulnerability Reported at Toorcon <edit> I found the bug that's been filed about this. Careful, the testcase will cause a crash! https://bugzilla.mozilla.org/show_bug.cgi?id=355069 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.