Flaw found in Firefox

A flaw has been discovered in the popular open-source browser Firefox that could potentially disclose sensitive information stored in memory, according to a report by security information company Secunia.

While the flaw is only rated as "moderately critical," the rapid adoption of the open-source browser may put a growing number of users at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

Firefox versions 1.0.1 and 1.0.2 contain the flaw, Secunia said.

The vulnerability stems from an error in the JavaScript engine, according to Secunia. This error can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information held in that memory.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia's chief technology officer.

Mozilla is currently working on a patch, and no known cases have been reported, said a Mozilla spokesman.

Secunia has developed a test that allows users to gauge whether their systems are affected by the vulnerability.


Talkback 3 comments

  1. Anonymous -- 06/04/05

    It's still better than IE.

    All software is bound to have bugs in it, it's only when it's under a huge spotlight of attention does anyone bother to jump up and down about it.

    Besides this, we as Windows users cannot get rid of IE that easily. Why? Well, Windows Update requires it,
    so I can't dump it completely. Well, at least until someone tells me how to.

  2. Anonymous -- 13/04/05

    Not only has Firefox failed to deliver a secure browser (I agree that all software suffers in this regard) but it renders pages like a dog's breakfast. Perhaps Mozilla should have demonstrated some resistance to security issues before issuing the challenge to would-be hackers.

  3. Anonymous -- 13/04/05

    That tool Digga on IRC uses it so how good can it be? Full of bugs, full of flaws, Fireflaw is one of the dodgiest browsers on the 'net and it attracts tools to it like a bog attracts blowflies.
