- Related Stories
-
Firefox improves pop-up ad blocking
April 4, 2005 -
Firefox add-on lets surfers tweak sites, but is it safe?
March 23, 2005
Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.
"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.
While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.
The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.
Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
- More from News.com on this story's topics
Security threats
Open source
Web browsers
See more CNET content tagged:
Firefox,
flaw,
JavaScript,
memory,
Web browser
Running an Aviary of 1.03 right now.
http://weblogs.mozillazine.org/asa/archives/007896.html
It's not yet final, but if you are really worried about this flaw, you can get this version.
When a FF flaw is found it is news as it is a faily uncommon event. Of course. they have a release candidate up and running. While Microsoft would be waiting until the next patch cycle, at the minimum.
Sure, it would have been better if this flaw did not exist, but no one can claim that Mozilla is not pro-active and quickly react to any problems.
I am amazed at the sides people take. It doesn't really have to do with the quality of software it's more about who is right and who is wrong.
It's true that the more people using a peice of software (firefox in this case) the more flaws are going to be found. The real issue is how bad are they, how fast do they get fixed, and how is the fix implemented. I will be honest with you, I don't like redownloading the entire program to fix a flaw. In my opinion it's like rereading the dictionary to find a single word. With the software it maybe the best bet, but it's still annoying. On the other hand I find that I like firefox better than other browsers and so I make a compremise on how it's patched.