Flaw found in Firefox - Published: April 5, 2005.....( NEWBIE )

Discussion in 'Firefox' started by Ron, Apr 12, 2005.

  1. Ron

    Ron Guest

    Can anyone comment on this topic?

    A flaw has been discovered in the popular open-source browser Firefox
    that could expose sensitive information stored in memory, Secunia has
    warned.

    Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security
    information company said in an advisory on Monday. The flaw stems from
    an error in the JavaScript engine that can expose arbitrary amounts of
    heap memory after the end of a JavaScript string. As a result, an
    exploit may disclose sensitive information in the memory, Secunia said.

    "Unlike other browser flaws, this one is not subject to phishing or
    access to the system. But it can expose sensitive information from other
    Web sites you visited and the information you entered there," said
    Thomas Kristensen, Secunia chief technology officer.
    Me TV: Finally, you are in control

    While the flaw is only rated as "moderately critical" by Secunia, the
    rapid adoption of the open-source browser means that many users may be
    at risk. Prior to the release of version 1.0, downloads of earlier
    versions of the browser had reached 8 million within the first 18 months.

    The Mozilla Foundation, which makes the Firefox browser, is working on a
    patch, and no cases have been reported, a representative for the group said.

    Secunia has developed a test that allows people to see whether their
    system is affected by the vulnerability.

    Here is the site to test your broswer!
    http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/

    Ron...
     
    Ron, Apr 12, 2005
    #1
    1. Advertisements

  2. Ron

    Gunther Guest

    fixed in FF 1.0.3
     
    Gunther, Apr 12, 2005
    #2
    1. Advertisements

  3. Ron

    Tony Pacc Guest

    There is no 1.0.3!
     
    Tony Pacc, Apr 12, 2005
    #3
  4. Ron

    Ed Mullen Guest

    Ed Mullen, Apr 12, 2005
    #4
  5. Ron

    Tony Raven Guest

    I think he meant the latest nightly build

    Tony
     
    Tony Raven, Apr 12, 2005
    #5
  6. Ron

    Wijja Guest


    This still have a buttload of problems to fix with 1.02 anyway, so I
    don't suppose a security risk matters at this point. They busted it
    every which way they could (not like it worked well to begin with) so I
    won't be surprised if we see a lot more of these vulnerabilities showing
    up. Especially where extensions (yuck) are concerned.
     
    Wijja, Apr 12, 2005
    #6
  7. Ron

    iamu Guest

    I have version 1.0.3
    :)
     
    iamu, Apr 12, 2005
    #7
  8. Ron

    John Guest

    Where did you get it?

    John <><

    A wise monkey is a monkey who doesn't monkey
    with an other monkey's monkey.
    (A very free paraphrase of Exodus 20:14).
     
    John, Apr 12, 2005
    #8
  9. Ron

    GK Guest

    Where, how, did you get 1.0.3?
     
    GK, Apr 12, 2005
    #9
  10. Ron

    iamu Guest

    Hmmm I will post the link once I can get access to it. :) Sometimes can't
    get access. Either that or I can email the program.
    Thanks
     
    iamu, Apr 12, 2005
    #10
  11. Ron

    iamu Guest

    www.softex.meganet.lt/

    Link is down sometimes but once u get on there, the update for FF is there.
    You probably have to go back a few pages of downloads before you find it or
    perhaps you can do a search I dunno.

    Good luck.
     
    iamu, Apr 13, 2005
    #11
  12. Ron

    Tony Raven Guest

    So you trust a download of an "unreleased" version of FF from a
    Lithuanian website? Have you checked it for "extras"?

    Sheesh

    Tony
     
    Tony Raven, Apr 13, 2005
    #12
  13. Ron

    default Guest

    default, Apr 13, 2005
    #13
  14. Ron

    iamu Guest

    *rolls* his eyes
     
    iamu, Apr 13, 2005
    #14
  15. Ron

    Gunther Guest

    Sorry, I should have been more precise:
    I'm running a nightly build (specifically from
    mozilla.org/firefox/nightly/2005-04-06-19-aviary1.0.1/
    I think). It reports it self in Help->About as 1.0.3
    and it does not have the problem.

    Gunther
     
    Gunther, Apr 14, 2005
    #15
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.