Language Selection

English French German Italian Portuguese Spanish

Flaw found in Firefox

Filed under
Security

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

Source

More in Tux Machines

Ubuntu MATE Projects Donates Money to Debian, MATE, and Syncthing Developers

The Ubuntu MATE project does something very admirable each month. Its makers contribute financially to other open source projects that are being used in the operating system, and that is something that doesn't happen all the often in the FOSS universe. Read more

Wine 1.7 Series Turn Two Years Old, No Sign Of Wine 1.8

Today marks two years since the start of the Wine 1.7 development series. While it's been two years of doing bi-weekly development releases, there's no sign of Wine 1.8.0 being ready for release in the near future. Read more

Today in Techrights

Leftovers: Software

  • gtkmm now uses C++11
    All the *mm projects now require C++11. Current versions of g++ require you to use the –std=c++11 option for this, but the next version will probably use C++11 by default. We might have done this sooner if it had been clearer that g++ (and libstdc++) really really supported C++11 fully.
  • Pixman Baking ARMv6, PowerPC 64 Improvements
    Pixman 0.33.2 RC has many new ARMv6 optimizations, bug fixes for PowerPC 64-bit, and various other fixes and enhancements to the MMX code.
  • Obnam 1.13 released (backup software)
    I have just released version 1.13 of Obnam, my backup program. See the website at http://obnam.org for details on what it does. The new version is available from git (see http://git.liw.fi) and as Debian packages from http://code.liw.fi/debian, and uploaded to Debian, and soon in unstable.
  • MusicTube Review - Use YouTube as Your Source of Music
    MusicTube is a very interesting music player designed for multiple platforms using YouTube as the music source. It's not made for locally hosted music, and you can't add other online sources, but YouTube is a huge resource.