April 5, 2005 2:24 PM PDT

Flaw found in Firefox

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

10 comments

already fixed, soon
Firefox 1.03 coming out within days, this already fixed.

Running an Aviary of 1.03 right now.
Posted by xpgeek11 (12 comments )
That is just wrong...
It may soon be fixed. It may be fixed, but the solution is not available for general download. They may fix it soon.
Please pick the one you like.
Posted by catchall (246 comments )
"Already fixed, soon"?
Oh please, just because you want to defend your favorite browser, you still need to study your grammar and write properly, right? :)
Posted by 201293546946733175101343322673 (722 comments )
The release candidate of version 1.0.3...
... can be found here:
http://weblogs.mozillazine.org/asa/archives/007896.html

It's not yet final, but if you are really worried about this flaw, you can get this version.
Posted by feranick (211 comments )
This is news
When an IE/XP flaw is found, that just means it is a new day.

When a FF flaw is found it is news as it is a fairly uncommon event. Of course, they have a release candidate up and running. While Microsoft would be waiting until the next patch cycle, at the minimum.

Sure, it would have been better if this flaw did not exist, but no one can claim that Mozilla is not pro-active and quickly react to any problems.
Posted by pcLoadLetter (395 comments )
I'm confused
By your angle since Microsoft flaws are so common then they are not newsworthy. It seems to me you are making a case for Firefox flaws to receive greater attention.

Either way, it is news. Microsoft is attacked for flaws in Win98, so it is fair that Firefox is attacked for flaws in their current "stable" version.

(Incidentally I use Firefox... at the moment. I find the whole "one tab is busy they all are" feature/flaw annoying.)
Posted by Andrew J Glina (1673 comments )
Firefox Flaw
Wow. More people are using it, and flaws are starting to appear. What a concept.
Posted by (3 comments )
Huh...
Huh... isn't that odd...?

;)
Posted by David Arbogast (1712 comments )
Flawed Perception
I find it amusing that we all have resorted to pointing out flaws in software. Mozilla never said there wouldn't be flaws. I don't think Microsoft said anything like that either. Flaws are an inevitable part of anything. I think many have made that point over and over again.

I am amazed at the sides people take. It doesn't really have to do with the quality of software it's more about who is right and who is wrong.

It's true that the more people using a piece of software (Firefox in this case) the more flaws are going to be found. The real issue is how bad are they, how fast do they get fixed, and how is the fix implemented. I will be honest with you, I don't like redownloading the entire program to fix a flaw. In my opinion it's like rereading the dictionary to find a single word. With the software it may be the best bet, but it's still annoying. On the other hand I find that I like Firefox better than other browsers and so I make a compromise on how it's patched.
Posted by System Tyrant (1453 comments )