Flaw found in Firefox

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
