
By Dawn Kawamoto
Posted on ZDNet News: Apr 5, 2005 9:24:00 PM

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.


Talkback: most recent of 69 Talkback(s)
Get a life
There are far too many posts on this subject by people who really need to get a life.

BTW I read these threads hoping to pick up some useful information. I only post replies when I have somet...
Posted by: High Sierra Posted on: 04/07/05