AlbertPacino
Explorer
Both Firefox and the Mozilla browser suite are vulnerable to attacks through flawed JavaScript engines, a security firm reported Monday.
The Mozilla Foundation's open-source browsers can be exploited by hackers to gain access to data currently in memory (but not information only stored on the hard drive), said the Danish security company Secunia.
According to Mozilla, use of a JavaScript "lambda" replace can expose arbitrary amounts of heap memory after the end of a JavaScript string. "Successful exploitation may disclose sensitive information in memory," said Secunia in its online alert.
The bug has been confirmed in the most recent versions of Firefox (1.0.2) and Mozilla (1.7.6), and at the moment, no patch is available. (Developers are working on one, however; to track what they're up to, check out this page on Bugzilla.)
Secunia recommends that users temporarily disable JavaScript support for what it considers a "moderately critical" bug.
Firefox and Mozilla users can try this test that Secunia has created to confirm that their browser is vulnerable.
Source
The Mozilla Foundation's open-source browsers can be exploited by hackers to gain access to data currently in memory (but not information only stored on the hard drive), said the Danish security company Secunia.
According to Mozilla, use of a JavaScript "lambda" replace can expose arbitrary amounts of heap memory after the end of a JavaScript string. "Successful exploitation may disclose sensitive information in memory," said Secunia in its online alert.
The bug has been confirmed in the most recent versions of Firefox (1.0.2) and Mozilla (1.7.6), and at the moment, no patch is available. (Developers are working on one, however; to track what they're up to, check out this page on Bugzilla.)
Secunia recommends that users temporarily disable JavaScript support for what it considers a "moderately critical" bug.
Firefox and Mozilla users can try this test that Secunia has created to confirm that their browser is vulnerable.
Source