Language Selection

English French German Italian Portuguese Spanish

Flaw found in Firefox

Filed under

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.


More in Tux Machines

GNOME: GitLab Migration and More

  • IMPORTANT: GitLab mass migration plan
    I know some fellows doesn’t read desktop-devel-list, so let me share here an email that it’s important for all to read: We have put in place the plan for the mass migration to GitLab and the steps maintainers needs to do.
  • ED Update – week 11
  • Reflections on Distractions in Work, Productivity and Time Usage
    For the past year or so I have mostly worked at home or remote in my daily life. Currently I’m engaged in my master thesis and need to manage my daily time and energy to work on it. It is no surprise to many of us that working using your internet-connected personal computer at home can make you prone to many distractions. However, managing your own time is not just about whipping and self-discipline. It is about setting yourself up in a structure which rewards you for hard work and gives your mind the breaks it needs. Based on reflections and experimentation with many scheduling systems and tools I finally felt I have achieved a set of principles I really like and that’s what I’ll be sharing with you today. [...] Minimizing shell notifications: While I don’t have the same big hammer to “block access to my e-mail” here, I decided to change the order of my e-mail inboxes in Geary so my more relevant (and far less activity prone) student e-mail inbox appears first. I also turned off the background e-mail daemon and turned off notification banners in GNOME Shell. [...] Lastly, I want to give two additional tips. If you like listening to music while working, consider whether it might affect your productivity. For example, I found music with vocals to be distracting me if I try to immerse myself in reading difficult litterature. I can really recommend Doctor Turtle’s acoustic instrumental music while working though (all free). Secondly, I find that different types of tasks requires different postures. For abstract, high-level or vaguely formulated tasks (fx formulating goals, reviewing something or reflecting), I find interacting with the computer whilst standing up and walking around to really help gather my thoughts. On the other hand with practical tasks or tasks which require immersion (fx programming tasks), I find sitting down to be much more comfortable.

OSS, Openwashing and FUD

Open Data (OD) for Research of Shootings

Security Leftovers

  • 7 Questions to Ask About Your DevSecOps Program
  • Developers Are Ethical But Not Responsible?
    Ask a person if he or she is a racist and the answer is almost always no. Ask a developer if they consider ethical considerations when writing code and only six percent say no. If everyone acted the way they self-report, then there would be peace and love throughout the world. Based on over a hundred thousand respondents, StackOverflow’s Developer Survey 2018 presents a more complicated reality. If they were asked to write code for an unethical purpose, 59 percent would say no, but another 37 percent of developers were non-committal about whether they would comply. In another question, only about 5 percent said they definitely not report unethical problems with code. But sounding the alarm is about as far as most people will go.
  • Cloud Security: 10 Top Tips
  • Group Policy Objects (GPOs) for Linux®