funsec mailing list archives

Critical JavaScript Flaw Hits Firefox

From: "Fergie" <fergdawg () netzero net>
Date: Mon, 26 Feb 2007 18:40:36 GMT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via vnunet.com.

[snip]

Mozilla has confirmed a potentially serious flaw in its open source Firefox
browser.

Developer Michal Zalewski, who uncovered the flaw, described it as
"seemingly pretty nasty, and apparently easily exploitable".

The vulnerability affects current versions of Firefox for all major PC
platforms, according to Zalewski's report.

The use of a certain JavaScript instruction can cause Firefox to crash,
allowing an attacker complete access to a system and the ability to run
malware remotely.

[snip]

More:
http://www.vnunet.com/vnunet/news/2184139/vulnerability-uncovered

I recommend http://NoScript.net/ plug-in for Firefox.

- - ferg


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

wj8DBQFF4ymhq1pz9mNUZTMRArWXAJ9iy1JgTGL6PMwH+vh/J5WDwLeS0wCcCf5j
CUez23we34qbgMTx3zJ3g7A=
=SsMc
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
  - Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)
- <Possible follow-ups>
- Re: Critical JavaScript Flaw Hits Firefox Fergie (Feb 26)
  - Re: Critical JavaScript Flaw Hits Firefox Reed Loden (Feb 26)
    - Re: Critical JavaScript Flaw Hits Firefox Jordan Wiens (Feb 26)