Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Zero-Day Code Execution Hoax?

Posted by ryuzaki0 on from the shouting-fire-in-a-crowded-fox dept.

Akon writes, "eWeek is running a follow-up story on the claim by two hackers that Firefox's implementation of JavaScript is critically flawed and could result in code-execution attacks. Turns out this is a possible hoax that was overblown for laughs." Mozilla's engineers say the risk is limited to a denial-of-service issue. From the article: "'As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has... I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code,' Spiegelmock said." Spiegelmock also stated that the claim that there were 30 other undisclosed exploits was made solely by his co-presenter, Andrew Wbeelsoi.

12 of 215 comments (clear)

  1. Great!! by zappepcs · · Score: 3, Funny

    The first time that I actually started to worry that FF might have a problem, and that I should be careful, it turns out to be a hoax. I don't know whether to be happy about this or not?

    --
    Support NYCountryLawyer RIAA vs People
    1. Re:Great!! by __aaclcg7560 · · Score: 4, Funny

      Be happy. It could've been worst and happen on Internet Explorer instead.

  2. ...crash and eat up system resources... by RHIC · · Score: 5, Funny

    No change there then.

  3. Moo by Chacham · · Score: 5, Funny

    FireFox has no exploits. All exploits are actually in IceWeasel, to avoid legal action from Mozilla.

    In other news, Microsoft has said thet their version of Genuine Internet Explorer has no bugs, and any bugs, must be due to a bad download, or user tampering. As such, all user installs of Internet Explorer will be renamed to "Meshed-Screen Interpolated E-reader" (MSIE for short), and will subsequently be subject to licensing fees.

    --
    Have you read my journal today?
  4. Then it wasn't painfully obvious enough by davidwr · · Score: 5, Funny

    If the CNET folks didn't get it, the panel should've made sure they did.

    Any prank like this NOT done on 1 April needs to end with "and for those of you who left your sense of humor at home, the preceeding presentation was 100% pure entertainment and any resemblance to reality was purely to tweak your nose. Please stay for the next panel on novel approaches to perpetual motion. Thank you."

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  5. Re:NoScript by TheRaven64 · · Score: 4, Funny
    But...

    But...

    Web 2.0!

    *splutter*

    --
    I am TheRaven on Soylent News
  6. Re:Never believe anything without a second source by gEvil+(beta) · · Score: 5, Funny

    Never believe anything without a second source

    Anyone want to reiterate what he said so we can know that we should believe him?

    --
    This guy's the limit!
  7. Re:Never believe anything without a second source by chroot_james · · Score: 4, Funny

    I'll back him up. Kind of. I propose requiring a third source. Anyone want to reiterate?

    --
    Reality is nothing but a collective hunch.
  8. Re:Moo by Anonymous Coward · · Score: 1, Funny

    > "Intarweb Implorer"

    Hey I think you found Debian's new name for Firefox.

  9. Re:Not surprised. by Jugalator · · Score: 2, Funny

    I bet you have few friends. :-(

    --
    Beware: In C++, your friends can see your privates!
  10. Re:Never believe anything without a second source by Senzei · · Score: 3, Funny
    I disagree. Now you still have to find a 3rd source to agree with you and 3 sources to discredit me. And of course I just got off work so I have all day long to disagree with those who disagree with me in the first place. Better put on a cup of coffee. :-)
    Actually, I think you owe us two more sources to confirm your disagreement. Well, I would think that, but we haven't found three sources to conclusively prove that three sources are needed to conclusively prove something.
    --
    Slashdot: Where anecdotes and generalizations can be freely substituted for facts, logic, or intelligence
  11. Re:What's in a name by kayditty · · Score: 2, Funny

    there's no apostrophe in A. Wbeelsoi.