Advertisement
Promo

Office applications Toolkit

Firefox flaw made public

Dawn Kawamoto CNET News

Published: 06 Apr 2005 09:10 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A flaw has been discovered in the popular open source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
56 out of 138 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Office applications


Company/Topic Alerts

Create a new alert from the list below:











Video icon

Video

Discussions

gbswales gbswales

this article sums things up nicely I t...

Monday 16 November 2009, 11:14 PM

19 comments
Jake Rayson Jake Rayson

Shutdown/Reboot Ubuntu 9.10

Monday 16 November 2009, 11:09 PM

3 comments
lezlow lezlow

i prefer it also why?

Monday 16 November 2009, 9:55 PM

57 comments
lezlow lezlow

yes

Monday 16 November 2009, 9:52 PM

19 comments

View All

Vista Upgrade Blog

This Crap Site

How utterly stupid - I am ranked #40 in the top 100 - as a member of this site..... I mean HOW utterly stupid.... I have done sweet FA, I have only rejoined this site after a 3 or... More

Post a comment

Microsoft Security Update: November Pa...

Apologies for this late update to our core Patch Tuesday update. Here is a summary of the update .... The November Patch Tuesday update from Microsoft follows the largest patch and... More

Post a comment

Windows 7 pricing all over the shop..a...

I really think Microsoft have made a mess of Windows 7 pricing. They got the product right, yet there initial pricing of at around £44.95 for the full version of Windows 7 Home Premium... More

7 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters