Firefox Zero-Day Code Execution Hoax?

Akon writes, "eWeek is running a follow-up story on the claim by two hackers that Firefox's implementation of JavaScript is critically flawed and could result in code-execution attacks. Turns out this is a possible hoax that was overblown for laughs." Mozilla's engineers say the risk is limited to a denial-of-service issue. From the article: "'As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has... I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code,' Spiegelmock said." Spiegelmock also stated that the claim that there were 30 other undisclosed exploits was made solely by his co-presenter, Andrew Wbeelsoi.

Moo

[Chacham]

So, let me get this straight. Microsoft opens the code for their browser and lets people look at it, and submit "patches". All patches must go through a slow for approval (for good code) process. Anyone who releases it on their own is sued for copyright violations. And anyone who reports a bug mysteriously reports the next day it was a hoax and a joke.

I want this Microsoft FUD to stop right now!

oh, wait, this is Mozilla? Err.. umm...

I wholly support Mozilla Corparation's moves in the Open Source community, they are right in this case, and anyone who goes against them is against successful open source projects.