Firefox JavaScript Flaw

It appears that the folks over at Secunia have found a JavaScript flaw in Firefox. The flaw allows a script to read an arbitrary amount of information contained in the browser memory. This data could be anything from URLs to JavaScript commands. Secunia has posted a test that demonstrates the flaw. The test uses a buffer overrun technique to access the memory, similar to popular hacking methods used worldwide.

Comments

  1. José Jeria

    This has been fixed on trunk builds and will be included in Firefox 1.0.3 that should be out any day now. Those guys really fix security issues fast!

  2. Nicholas C. Zakas

    Ah the beauty of open source software! It would take Microsoft about three months to release a patch for IE.

Understanding JavaScript Promises E-book Cover

Demystify JavaScript promises with the e-book that explains not just concepts, but also real-world uses of promises.

Download the Free E-book!

The community edition of Understanding JavaScript Promises is a free download that arrives in minutes.