Firefox is critically flawed
At this year's ToorCon hacker convention, two hackers stated that Firefox is critically flawed because of the way it has implemented JavaScript.
The two hackers, Mischa Spiegelmock and Andrew Wbeelsoi, detailed the flaw in a slide containing key parts of the attack code needed to exploit Firefox and the computer running the browser.
Various JavaScript tricks can be used to cause a stack overflow error on the host system, regardless of what OS the computer is running. Spiegelmock later went on to say that the browser's JavaScript implementation is a 'complete mess' and 'impossible to patch'.
Window Snyder, Mozilla's security chief, said that the problem appears to be a real vulnerability and 'might be a variation of an old attack'. 'We're going to be doing some investigating,' she continued.
Snyder also said that she wasn't entirely happy with the hackers' disclosure of the exploit, because there was enough information for an attacker to exploit the flaw. She went on to say, 'I think it is unfortunate because it puts users at risk, but that seems to be their goal.' However, she also stated that there was enough information there for Mozilla to work on a fix.
