By Dawn Kawamoto, News.com
Posted on ZDNet News: Apr 5, 2005 9:24:00 PM

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
