Language Selection

English French German Italian Portuguese Spanish

Packetstorm in a teacup; Firefox still secure

Filed under
Moz/FF
Security

The first exploit for Mozilla Firefox 1.5 was discovered by Packetstorm last week. However initial reports that Packetstorm's hack could completely disable Firefox seem grossly exaggerated.

Packetstorm's proof of concept exploit for Firefox involves writing really long topics to Firefox's cache (2.5 million characters in Packetstorm's example). When the browser tries to load, it starts to take strain while reading the cache file.

But despite initial claims by Packetstorm that Firefox would not start, this hack only slows the loading of Firefox -- possibly up to a few minutes.

Full Story.

More in Tux Machines

Linux 4.9-rc8

So if anybody has been following the git tree, it should come as no surprise that I ended up doing an rc8 after all: things haven't been bad, but it also hasn't been the complete quiet that would have made me go "no point in doing another week". Extra kudos to Arnd, who actually root-caused the incredibly annoying "modversions do not work with new versions of binutils", bisecting it to a particular change to symbol handling in binutils, and then adding a small one-liner patch to the kernel to work around the issue. We already had other workarounds in place, but it's always good to know exactly what in the tool chain changed to cause things like this. Read more Also: Linux Kernel 4.9 Slated for December 11 Release as Linus Torvalds Outs RC8 Linux 4.9-rc8 Kernel Released