Language Selection

English French German Italian Portuguese Spanish

Flaw found in Firefox

Filed under
Security

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.

Source

More in Tux Machines

Quadcopter drone packs first all-Linux APM autopilot

Erle Robotics launched a ROS-enabled, open source “Erle-brain” autopilot that runs APM directly on Linux. The device also powers an “Erle-copter” drone. Over the last year, Spanish firm Erle Robotics S.L. has been working with 3DRobotics to develop an open source BeaglePilot autopilot for drones that can run Linux on 3DR’s popular, Arduino-based APM (ArduPilot Mega) platform. The APM Linux port was developed by both companies, as well as several academic institutions. The BeagleBone-based “Erle-brain” autopilot is built into the $490-and-up Erle-copter quadcopter. Read more

Seven Tips To Get The Most From Your New Android Smartphone

With applications able to run in the background and sync as they see fit, Android can rapidly eat through your cellular data allowance if you are not careful. While it’s fine to let the data run free on wi-fi, you’ll want to restrict your data usage when out and about. Short of switching off mobile data (which defeats the purpose of a smartphone), look under the options in the Data Usage part of the settings. Here you’ll find my wallet’s favourite Android setting of ‘restrict background data’. Now when using cellular data, apps will only pull down data when they are in the foreground and you can see them doing so. If a smartphone is all about being in control, this is the option that gives you confidence. Read more

today's leftovers

Hands-on with PCLinuxOS: A terrific release

I had been thinking that a new PCLinuxOS release was due any time now, based on their quarterly release schedule. Sure enough, it has now arrived, just in time for Christmas - PCLinuxOS 2014.12. Read more Also: Santa Claus has Linux in his sack -- PCLinuxOS 2014.12 is here PCLinuxOS 2014.12 released