Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers claim zero-day flaw in Firefox

Posted by ryuzaki0 on

An anonymous reader writes "The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here."

3 of 398 comments (clear)

  1. Moo by Chacham · · Score: 5, Funny

    In response, Mozilla Corporation has stated that since the hackers did not submit the hack for verification, and they may not call it a "FireFox" hack, in compliance with their Trademark policy. Further, if anyone did take over a browser with this hack, they would have to change the icon or face vague threats.

    The hackers plan to release the next version of the hack under the name IceWeasel Hack, while grumbling about backports. Debian developers have been debating whether they should include the hack in Etch or not.

    --
    Have you read my journal today?
  2. Re:Oink by BeeBeard · · Score: 5, Funny

    (sarcasm) Yes, our only hope is that Debian developers can patch the hole in time! (end sarcasm)

  3. Redmond's response by Anonymous Coward · · Score: 5, Funny

    Determined not to be upstaged by the Mozilla developers, now that Firefox has a 0 day exploit too, Microsoft's IE team has announced that they've started working on technology that will allow their browser to have -1 day exploits.