Flaw found in Firefox

Filed under
Security

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, security information company Secunia said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.
