by Playfuls Staff |
3rd October 2006
According to two hackers,
Firefox, the open source browser, is vulnerable due to a very serious security
flaw in its JavaScript code. Speaking at the ToorCon hacker conference in San Diego on Saturday,
Mischa Spiegelmock and Andrew Wbeelsoi, [more] presented a slide with key information
on how the vulnerability can be exploited.
Mischa Spiegelmock and Andrew
Wbeelsoi said that a hacker could command a computer running the Web browser,
Firefox, by making up a Web page that carries malicious JavaScript code. This
flaw is said to effect Firefox on Windows, Apple Computer's Mac OS X and Linux.
According to those two hackers, the
vulnerability is not able to be patched unless Mozilla rewrites key sections of
its JavaScript code. Also the ackers said that they are aware of nearly 30
unpatched flaws in Firefox.
Mozilla's head of security,
Window Snyder, indicated for ZDNet.com that Mozilla believes the exploit to be
real. She has also said that the presentation given at the conference contained
enough information that other hackers may be able to reproduce the exploit
before it can be patched.
According to latest Symantec’s
security report, vulnerabilities in Web browsers have also become increasingly
prominent. The report said that in the last year that were 47 vulnerabilities
documented in Mozilla browsers (compared to 17 in the last reporting period),
38 in Microsoft Internet Explorer (compared to 25), and 12 in Apple Safari
(compared to six).
