Firefox 3.5's First Vulnerability "Self-Inflicted"

CWmike writes "Mozilla has confirmed the first security vulnerability in Firefox 3.5, saying that the bug could be used to hijack a machine running the company's newest browser. A noted Firefox contributor called the situation 'self-inflicted' and said it was likely that the hacker who posted public exploit code Monday became aware of the flaw by rooting through Bugzilla, Mozilla's bug- and change-tracking database. The vulnerability is in the TraceMonkey JavaScript engine that debuted with Firefox 3.5, said Mozilla. '[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

Unacceptable

What do you mean there is a security exploit in a brand new version of a web browser? This is crazy, new versions of software should always be more secure then the previous versions.

Personally I'll be sticking with IE6, I never bought into this whole "Firefox" thing.

Yeah, right

[DoofusOfDeath]

'[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

Oh sure, I'm definitely going to follow that link now.

Wimp!

[argent]

I only use IE 5.5!

Re:Wimp!

[mcrbids]

Pshaw. I use telnet, and read the native code. I don't even see the code anymore... Blonde, Brunette, Red-Head...

Reading sites that use SSL is a bit tricky, though.

Re:Foundation, Not a Company

[FudRucker]

or the Boogie Woogie Bugle boys from Company "B"

Right_Here

Re:MOD PARENT UP

[the+way,+what're+you]

I've got at least a dozen non-default settings I've set in about:config. What's one more?

at least a baker's dozen?

Re:Nice test for the open source community

[barzok]

It's called fdisk

Re:Foundation, Not a Company

[brusk]

You mean that Extra Touch of Class Struggle.