Security flaw found in Firefox

Users at risk from "moderately critical" hole…

By Dawn Kawamoto, 6 April 2005 09:10

A flaw has been discovered in the popular open-source browser Firefox that could potentially disclose sensitive information stored in memory, according to a report by security information company Secunia.

While the flaw is only rated as "moderately critical," the rapid adoption of the open-source browser may put a growing number of users at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached eight million within the first 18 months.

Firefox versions 1.0.1 and 1.0.2 contain the flaw, Secunia said.

The vulnerability stems from an error in the JavaScript engine, according to Secunia. The error can expose arbitrary amounts of heap memory located after the end of a JavaScript string, so an exploit may disclose sensitive information held in that memory.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other websites you visited and the information you entered there," said Thomas Kristensen, Secunia's CTO.

Mozilla is currently working on a patch, and no known cases have been reported, said a Mozilla spokesman.

Secunia has developed a test that allows users to gauge whether their systems are affected by the vulnerability.

Dawn Kawamoto writes for CNET News.com

Comments

There are 3 comments.

  1. Rob

    And so it starts....

    ....welcome to the world of software development, if Mozilla Foundation needs any tips tell them to speak to MS they are pros at this sort of thing, they have even developed an automatic update system, Firefox could do with one of those.

  2. anonymous

    Firefox already has one of those.

  3. anonymous

    This exploit is already fixed and will be included in an upcoming release:

    http://www.mozillazine.org/talkback.html?article=6343
