Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE )

Discussion in 'Firefox' started by Ron, Apr 12, 2005.

  1. Ron

    Ron Guest

    Can anyone comment on this topic?

    A flaw has been discovered in the popular open-source browser Firefox
    that could expose sensitive information stored in memory, Secunia has

    Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security
    information company said in an advisory on Monday. The flaw stems from
    an error in the JavaScript engine that can expose arbitrary amounts of
    heap memory after the end of a JavaScript string. As a result, an
    exploit may disclose sensitive information in the memory, Secunia said.

    "Unlike other browser flaws, this one is not subject to phishing or
    access to the system. But it can expose sensitive information from other
    Web sites you visited and the information you entered there," said
    Thomas Kristensen, Secunia chief technology officer.
    Me TV: Finally, you are in control

    While the flaw is only rated as "moderately critical" by Secunia, the
    rapid adoption of the open-source browser means that many users may be
    at risk. Prior to the release of version 1.0, downloads of earlier
    versions of the browser had reached 8 million within the first 18 months.

    The Mozilla Foundation, which makes the Firefox browser, is working on a
    patch, and no cases have been reported, a representative for the group said.

    Secunia has developed a test that allows people to see whether their
    system is affected by the vulnerability.

    Here is the site to test your broswer!

    Ron, Apr 12, 2005
    1. Advertisements

  2. Ron

    Gunther Guest

    fixed in FF 1.0.3
    Gunther, Apr 12, 2005
    1. Advertisements

  3. Ron

    Tony Pacc Guest

    There is no 1.0.3!
    Tony Pacc, Apr 12, 2005
  4. Ron

    Ed Mullen Guest

    Ed Mullen, Apr 12, 2005
  5. Ron

    Tony Raven Guest

    I think he meant the latest nightly build

    Tony Raven, Apr 12, 2005
  6. Ron

    Wijja Guest

    This still have a buttload of problems to fix with 1.02 anyway, so I
    don't suppose a security risk matters at this point. They busted it
    every which way they could (not like it worked well to begin with) so I
    won't be surprised if we see a lot more of these vulnerabilities showing
    up. Especially where extensions (yuck) are concerned.
    Wijja, Apr 12, 2005
  7. Ron

    iamu Guest

    I have version 1.0.3
    iamu, Apr 12, 2005
  8. Ron

    John Guest

    Where did you get it?

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
    (A very free paraphrase of Exodus 20:14).
    John, Apr 12, 2005
  9. Ron

    GK Guest

    Where, how, did you get 1.0.3?
    GK, Apr 12, 2005
  10. Ron

    iamu Guest

    Hmmm I will post the link once I can get access to it. :) Sometimes can't
    get access. Either that or I can email the program.
    iamu, Apr 12, 2005
  11. Ron

    iamu Guest


    Link is down sometimes but once u get on there, the update for FF is there.
    You probably have to go back a few pages of downloads before you find it or
    perhaps you can do a search I dunno.

    Good luck.
    iamu, Apr 13, 2005
  12. Ron

    Tony Raven Guest

    So you trust a download of an "unreleased" version of FF from a
    Lithuanian website? Have you checked it for "extras"?


    Tony Raven, Apr 13, 2005
  13. Ron

    default Guest

    default, Apr 13, 2005
  14. Ron

    iamu Guest

    *rolls* his eyes
    iamu, Apr 13, 2005
  15. Ron

    Gunther Guest

    Sorry, I should have been more precise:
    I'm running a nightly build (specifically from
    I think). It reports it self in Help->About as 1.0.3
    and it does not have the problem.

    Gunther, Apr 14, 2005
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.