Computer Crime Research Center


Hackers dig into Firefox

Date: October 06, 2006

The open source Firefox web browser is critically flawed in the way it handles JavaScript, two hackers said on Saturday afternoon.

An attacker could commandeer a computer running the browser simply by crafting a web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference in San Diego. The flaw affects Firefox on Windows, Apple's Mac OS X and Linux, they said.

The flaw is specific to Firefox's implementation of JavaScript, a 10-year-old scripting language widely used on the web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess", he said, adding: "It is impossible to patch."

The JavaScript issue appears to be a real vulnerability, Window Snyder, Mozilla's security chief, said after watching a video of the presentation on Saturday night. "What they are describing might be a variation on an old attack," she said. "We're going to do some investigating."

Snyder said she isn't happy with the disclosure and release of an apparent exploit during the presentation. "It looks like they had enough information in their slide for an attacker to reproduce it," she said. "I think it is unfortunate because it puts users at risk but that seems to be their goal."

2006-10-07 02:31:11 - Wow... I won't be visiting this site for... otis grace
2006-10-06 10:46:53 - The Computer Crime Research Center is... Jason Barnabe
2006-10-06 08:55:57 - This was a HOAX! Look it up in Google News... Christian Braun
2006-10-06 07:45:35 - it was a joke not a funny one at that joke
Total 4 comments
Copyright © 2001-2013 Computer Crime Research Center