Firefox JavaScript Flaw
It appears that the folks over at Secunia have found a JavaScript flaw in Firefox. The flaw allows a script to read an arbitrary amount of information contained in the browser memory. This data could be anything from URLs to JavaScript commands. Secunia has posted a test that demonstrates the flaw. The test uses a buffer overrun technique to access the memory, similar to popular hacking methods used worldwide.
Disclaimer: Any viewpoints and opinions expressed in this article are those of Nicholas C. Zakas and do not, in any way, reflect those of my employer, my colleagues, Wrox Publishing, O'Reilly Publishing, or anyone else. I speak only for myself, not for them.
Both comments and pings are currently closed.
2 Comments
This has been fixed on trunk builds and will be included in Firefox 1.0.3 that should be out any day now. Those guys really fix security issues fast!
José Jeria on April 6th, 2005 at 3:41 am
Ah the beauty of open source software! It would take Microsoft about three months to release a patch for IE.
Nicholas C. Zakas on April 6th, 2005 at 10:25 am
Comments are automatically closed after 14 days.