Nasty FireFox security hole..

[[JiF]Timmay!]

I know some people here are big fans. Beware JavaScript at sites you're not familiar with...

Firefox vulnerable to JavaScript hackers
By Stan Beer
Tuesday, 03 October 2006

Two hackers have detailed a serious security flaw in the Firefox web browser that would enable attackers to gain control of any computer running the Internet Explorer rival regardless the underlying operating system.

According to Mischa Spiegelmock and Andrew Wbeelsoi, who gave a detailed presentation at the ToorCon hacker conference in San Diego on Saturday, the vulnerability is not able to be patched unless Mozilla rewrites key sections of its JavaScript code.

The two hackers gave a detailed presentation on stage showing a slide with key information on how to exploit the vulnerability. They said that a hacker could gain control of a computer which visits a web page containing malicious JavaScript code.

Mozilla is taking the presentation seriously and is reportedly annoyed at the way the hackers disclosed the exploit in enough detail for a hacker to repoduce it.

What was even more disturbing to Mozilla is that Spiegelmock and Wbeelsoi claim to have knowledge of about 30 Firefox vulnerabilities and have no intention of responsibly disclosing them to Mozilla.

It seems that the US$500 a flaw bounty that Mozilla is willing to pay hackers who find genuine vulnerabilities was not enough incentive to dissuade the two hackers from contributing to the sort of environment that forces internet users to be wary of what sites they visit.

From http://www.itwire.com.au/content/view/5965/53/ .

[[JiF][AARP]Grimp]

I dunno that link does not seem to work for me. Are you just making this up

[[JiF]Timmay!]

JubJub sent it to me - that may be the problem..

Actually, I think the site is down. Could get there earlier but now it looks like it's gonna timeout.

edit: different source at http://news.com.com/Hackers+claim+zero- ... 21608.html

[[JiF][AARP]Grimp]

TY

[[JiF]ALargeWoodenBadger]

I know some people here are big fans. Beware JavaScript at sites you're not familiar with...

Firefox vulnerable to JavaScript hackers
By Stan Beer
Tuesday, 03 October 2006

Two hackers have ...

Seeing as today is Monday, 02 October 2006 maybe these hackers can still be stopped before they discover the flaw.

[[JiF]Mentat]

Ummm, I read this post and just glanced at that date. I later in the day, wrote a check and was convinced it was the third. ...and now that I finally made this reply, it is the third. Perhaps this thread is a temporal anomaly...

[[JiF]Mentat]

http://www.heise-security.co.uk/news/78970 ... a hoax?

[[JiF][AARP]Grimp]

Figures JubJub would send us a hoax

[JubJub]

Somebody say my name?

Grimp - you still able to type at your age?

[[JiF]Stepovich]

'Bout time you visited us Jub!

[[JiF]Crash]

'Bout time you visited us Jub!

To the boot with you Jubs.. I've already called shotgun on the front seat. I guess Step is stuck with ya

[[JiF][AARP]Grimp]

No I can't my assisted living person does all my typing.

[[JiF][AARP]Tissueman]

No I can't my assisted living person does all my typing.

Hey! How did you get an assisted living person? All I could get is an assisted dead person who is useless.