Hackers claim zero-day flaw in Firefox
An anonymous reader writes "The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here."
For the October 1 branch nightly release, these fixes were included:
#353249 [Core:JavaScript Engine]-(undisclosed security fix) [All]
#354924 [Core:JavaScript Engine]-(undisclosed security fix) [All]
#354945 [Core:JavaScript Engine]-(undisclosed security fix) [All]
I wonder if these are related to the alleged flaws?
I'm the urban spaceman babe, but here comes the twist... I don't exist
Which is a perfect solution, in my opinion. QEMU took about 10 minutes to set up, and my Win2K disk image worked fine -- and I can get a copy of it in less than a second. Yes, it takes slightly more CPU time, but that is reasonable. The fact of the matter is that no major software can be 100% secure, but virtual machines provide a way out...unless the VM itself is compromised, but that is far easier to address...
Palm trees and 8
Wonder how the management at SixApart feels about having a black hat work for them who brazenly scoffs at the notion of responsible full-disclosure and releases a 0-day exploit to the public. Sort of answers the question in an earlier Slashdot post about whether companies should hire blackhats to work for them. In this case, the answer is a resounding NO. SixApart should fire this guy's ass immediately.