Author Topic: Flaw in Firefox  (Read 7563 times)

Offline TheHalf™

  • The"better"Half™
  • Hero Member
  • *****
  • Posts: 726
  • Karma: +166/-0
  • Road Runner H.S.I. 30Mbps/5Mbps
    • View Profile
    • Bit Che
Flaw in Firefox
« on: October 01, 2006, 08:18:55 am »
By Joris Evers
Staff Writer, CNET News.com
Published: September 30, 2006

SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

Complete story----> http://news.com.com/2100-1002_3-6121608.html?part=rss&tag=6121608&subj=news

deckkeeper

  • Guest
Re: Flaw in Firefox
« Reply #1 on: October 01, 2006, 08:24:12 am »
Uh oh :o

I'll be careful until they come out with a fix. This makes me think of the bug from a year or two ago, where someone could make a link that put one thing in the browser's address bar and loaded something else.

Offline TheHalf™

  • The"better"Half™
  • Hero Member
  • *****
  • Posts: 726
  • Karma: +166/-0
  • Road Runner H.S.I. 30Mbps/5Mbps
    • View Profile
    • Bit Che
Re: Flaw in Firefox
« Reply #2 on: October 01, 2006, 08:36:21 am »
The article was specific on the use of and old code using JavaScript, so how often does anyone have Java use within their Firefox browser?

Interesting link----> http://www.javascript.com/

deckkeeper

  • Guest
Re: Flaw in Firefox
« Reply #3 on: October 01, 2006, 09:59:31 am »
The article was specific on the use of and old code using JavaScript, so how often does anyone have Java use within their Firefox browser?

Interesting link----> http://www.javascript.com/
Java and javascript are pretty common. Hell, just check the source for the forum. The article said that the presentations gave enough information for black hats to write their own attacks. We just have to hope that Mozilla can make a fix for this soon, which sounds like it will be hard to do.