Language Selection

English French German Italian Portuguese Spanish

Flaw found in Firefox

Filed under
Security

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

Source

More in Tux Machines

Tails 1.1.1 is out

The next Tails release is scheduled for October 14. Have a look to our roadmap to see where we are heading to. Read more

Healthdirect Australia sees value in open source for security solution

Commonwealth and state/territory government funded public company, Healthdirect Australia, has used open source software to build an identity and access management (IAM) solution. The IAM solution allows users to have one identity across all of its websites and applications. For example, users can sign in using their Facebook, LinkedIn or Gmail account. Read more

Ubuntu Installer Bug Can Delete Your Hard Drive and All Other OSes

The Ubuntu installation procedure is governed by a piece of software called Ubiquity and it's one of the most intuitive and easy-to-use installers on the Linux platform. Unfortunately, users have been confronting with a bug that could wipe their entire hard-driver without any kind of announcement. Read more

You have your Windows in my Linux

Although there are those who think the systemd debate has been decided in favor of systemd, the exceedingly loud protests on message boards, forums, and the posts I wrote over the past two weeks would indicate otherwise. I've seen many declarations of victory for systemd, now that Red Hat has forced it into the enterprise with the release of RHEL 7. I don't think it's that easy. Read more