Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mozilla / Firefox Memory Exposure Vulnerability

Posted by timothy on Monday April 4, 2005 @08:03AM from the mine-sure-is-vulnerable dept.

JimmyM writes "Secunia has a story regarding a new severe vulnerability in the Mozilla Suite and Firefox browser, which can be exploited by any web site to read all memory, which the browser process has access to. No patch is available from Mozilla. A demonstration is available here."

2 of 132 comments (clear)

Min score:

Reason:

Sort:

Re:Confusing write-up by cjsnell · 2005-04-04 08:13 · Score: 5, Informative

Can a remote site actually get access to this information, or is it only displayable on the screen?

The data is being displayed within a TEXTAREA box, so it's probably as simple as adding an onClick="javascript:document.form.submit();" (or onMouseOver, etc.) to the document.

Yes, this is very dangerous.
Re:Did the Mozilla/Firefox guys ignore a warning? by Vaevictis666 · 2005-04-04 08:16 · Score: 5, Informative

From the bugzilla bug report (copy it, they disallow /. links):

Opened: 2005-04-01 13:40 PDT
Last modified: 2005-04-01 22:39 PDT
Resolution: FIXED

So yes they did, it was fixed in under 10 hours, and published 3 days later.