Slashdot Mirror


Firefox 3.5's First Vulnerability "Self-Inflicted"

CWmike writes "Mozilla has confirmed the first security vulnerability in Firefox 3.5, saying that the bug could be used to hijack a machine running the company's newest browser. A noted Firefox contributor called the situation 'self-inflicted' and said it was likely that the hacker who posted public exploit code Monday became aware of the flaw by rooting through Bugzilla, Mozilla's bug- and change-tracking database. The vulnerability is in the TraceMonkey JavaScript engine that debuted with Firefox 3.5, said Mozilla. '[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

5 of 156 comments (clear)

  1. Unacceptable by Anonymous Coward · · Score: 4, Funny

    What do you mean there is a security exploit in a brand new version of a web browser? This is crazy, new versions of software should always be more secure then the previous versions.

    Personally I'll be sticking with IE6, I never bought into this whole "Firefox" thing.

  2. Yeah, right by DoofusOfDeath · · Score: 5, Funny

    '[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

    Oh sure, I'm definitely going to follow that link now.

  3. Re:Foundation, Not a Company by FudRucker · · Score: 3, Funny

    or the Boogie Woogie Bugle boys from Company "B"

    Right_Here

    --
    Politics is Treachery, Religion is Brainwashing
  4. Re:MOD PARENT UP by the+way,+what're+you · · Score: 5, Funny

    I've got at least a dozen non-default settings I've set in about:config. What's one more?

    at least a baker's dozen?

    --
    example.org - powered by Linux!
  5. Re:Wimp! by mcrbids · · Score: 3, Funny

    Pshaw. I use telnet, and read the native code. I don't even see the code anymore... Blonde, Brunette, Red-Head...

    Reading sites that use SSL is a bit tricky, though.

    --
    I have no problem with your religion until you decide it's reason to deprive others of the truth.