- Related Stories
-
Firefox improves pop-up ad blocking
April 4, 2005 -
Firefox add-on lets surfers tweak sites, but is it safe?
March 23, 2005
Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.
"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.
While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.
The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.
Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
See more CNET content tagged:
flaw,
open source,
Firefox,
JavaScript,
Web browser
Running an Aviary of 1.03 right now.
Please pick the one you like.
http://weblogs.mozillazine.org/asa/archives/007896.html
It's not yet final, but if you are really worried about this flaw, you can get this version.
When a FF flaw is found it is news as it is a faily uncommon event. Of course. they have a release candidate up and running. While Microsoft would be waiting until the next patch cycle, at the minimum.
Sure, it would have been better if this flaw did not exist, but no one can claim that Mozilla is not pro-active and quickly react to any problems.
Eitherway, it is news. Microsoft is attacked for flaws in Win98, so it is fair that Firefox is attacked for flaws in their current "stable" version.
(Incidently I use Firefox... at the moment. I find the whole "one tab is busy they all are" feature/flaw annoying.)
;)
- Flawed Perseption
-
by System Tyrant
April 7, 2005 2:15 PM PDT
- I find it amusing that we all have resorted to pointing out flaws in software. Mozilla never said their wouldn't be flaws. I don't think Microsoft said anything like that either. Flaws are an inevitable part of anything. I think many have made that point over and over again.
-
Reply to this comment
-
(10 Comments)I am amazed at the sides people take. It doesn't really have to do with the quality of software it's more about who is right and who is wrong.
It's true that the more people using a peice of software (firefox in this case) the more flaws are going to be found. The real issue is how bad are they, how fast do they get fixed, and how is the fix implemented. I will be honest with you, I don't like redownloading the entire program to fix a flaw. In my opinion it's like rereading the dictionary to find a single word. With the software it maybe the best bet, but it's still annoying. On the other hand I find that I like firefox better than other browsers and so I make a compremise on how it's patched.