
Hackers Claim Zero-day Flaw In Firefox


2 replies to this topic

#1 Mr Alpha


Posted 01 October 2006 - 08:54 AM

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

The flaw is specific to Firefox's implementation of JavaScript, a 10-year old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."

It looks like they had enough information in their slide for an attacker to reproduce it. I think it is unfortunate because it puts users at risk, but that seems to be their goal.

Hackers claim zero-day flaw in Firefox @ CNET News

EDIT: Mentioning the NoScript extension right about now is probably a good idea.

Edited by Mr Alpha, 01 October 2006 - 08:56 AM.

"Anyone who cannot form a community with others, or who does not need to because he is self-sufficient [...] is either a beast or a god." Aristotle
Intel Core 2 Quad | XFX 780i SLI | 8GB Corsair | Gigabyte GeForce 8800GTX | Auzentech X-Fi Prelude| Logitech G15 | Logitech MX Revolution | LG Flatron L2000C | Logitech Z-5500 Digital



#2 quietman7


Posted 03 October 2006 - 10:02 AM

RETIRED: Mozilla Firefox Multiple Unspecified Javascript Vulnerabilities

Update (October 3, 2006): This BID is being retired as reports indicate that these issues are a hoax. The researchers responsible for disclosing these vulnerabilities have claimed that their original reports were not correct...

http://www.securityfocus.com/bid/20294/discuss
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 no one


Posted 03 October 2006 - 11:40 AM

Mozilla flaws more joke than jeopardy
Robert Lemos, SecurityFocus 2006-10-03

Two presenters razzed developers of the open-source Mozilla browser this weekend at the ToorCon hacking convention in San Diego with claims that the browser's Javascript implementation is flawed, but the lecture appears to have been more stand-up comedy routine than substantiative research.
http://www.securityfocus.com/news/11416


"Not everything that counts can be counted, and not everything that can be counted counts."

"Whoever fights monsters should see to it that in the process he does not become a monster"
