Slashdot Mirror


Firefox 3.5's First Vulnerability "Self-Inflicted"

CWmike writes "Mozilla has confirmed the first security vulnerability in Firefox 3.5, saying that the bug could be used to hijack a machine running the company's newest browser. A noted Firefox contributor called the situation 'self-inflicted' and said it was likely that the hacker who posted public exploit code Monday became aware of the flaw by rooting through Bugzilla, Mozilla's bug- and change-tracking database. The vulnerability is in the TraceMonkey JavaScript engine that debuted with Firefox 3.5, said Mozilla. '[It] can be exploited by an attacker who tricks a victim into viewing a malicious Web page containing the exploit code,' Mozilla's security blog reported Tuesday."

5 of 156 comments (clear)

  1. Whew! by cciRRus · · Score: -1, Troll

    Good thing I'm using Internet Explorer!

    Oh wait...

    --
    w00t
  2. Re:Right! Quick! by kalirion · · Score: -1, Troll

    That's right, get it from The Official No-Script Site.

  3. the only browser with 0 vulnerabilities by Anonymous Coward · · Score: -1, Troll

    is Google Chrome...

  4. Live in glass house, don't throw stones by hessian · · Score: -1, Troll

    PEOPLE IN GLASS HOUSES SHOULDN'T THROW STONES - "Those who are vulnerable should not attack others. The proverb has been traced back to Geoffrey Chaucer's 'Troilus and Criseyde' (1385). George Herbert wrote in 1651: 'Whose house is of glass, must not throw stones at another.' This saying is first cited in the United States in 'William & Mary College Quarterly' (1710). Twenty-six later Benjamin Franklin wrote, 'Don't throw stones at your neighbors', if your own windows are glass.' 'To live in a glass house' is used as a figure of speech referring to vulnerability." From "Random House Dictionary of Popular Proverbs and Sayings" (1996) by Gregory Y. Titelman (Random House, New York, 1996).

    A reminder to all open source developers tempted to continue talking endless flak about Microsoft and Sun products.

  5. Re:Foundation, Not a Company by Anonymous Coward · · Score: -1, Troll

    When you wish to download Firefox or Thunderbird, you are redirected from Mozilla.org to Mozilla.com, so in this case calling it a company is most certainly correct - the Mozilla corporation is distributing the software to you, not the Mozilla foundation.

    So when Blizzard redirects me to another CDN site or torrent for their patches, I am to assume it is the CDN or seeder that is developing the patch?