Hackers are claiming that the open source Firefox 1.5 Web browser has a serious flaw in the way it handles JavaScript. What’s more, they also claim that the vulnerability is ‘impossible to patch’ and the implementation is ‘a complete mess’.
The presentation demonstrated a stack overflow error in the implementation of JavaScript that may lead an attacker to take control of the target machine.
The claims were made by Mischa Spiegelmock and Andrew Wbeelsoi in a presentation at the ToorCon hacker conference in California. They also claim to know of another 30 or so Firefox bugs but are not planning to release details of them – yet.
However, there is some feeling that none of this is new. For example security firm Secunia lists a number of Firefox flaws that are rated as ‘highly critical’. They include an error in the handling of JavaScript that could cause a heap-based buffer overflow.
Mozilla, the organisation behind Firefox, is not best pleased by the revelations about the vulnerability to a conference of hackers. The organisation is said to be ‘looking into’ the claims to discover whether they are new or a variation of an existing flaw.
Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.
