
Flaw found in Firefox


Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory located after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in that memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

