New flaw found in Firefox

Forum Moderators: open

Message Too Old, No Replies

New flaw found in Firefox

Version 1.03 coming soon

encyclo

8:21 pm on Apr 5, 2005 (gmt 0)

Another bug in Firefox has been discovered, and this time the information has been released before any patched versions are available.

A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to gain knowledge of potentially sensitive information.
...
Successful exploitation may disclose sensitive information in memory.

Mozilla and Netscape 6.x and 7.x are vulnerable too. The patch has been done for Firefox already, but it is still in testing. Version 1.03 should be here very soon, though. The full information can be found here:

Firefox vulnerability [secunia.com]

Netscape/Mozilla vulnerability [secunia.com]

If you want to see what kind of information could be leaking from your browser, try this test:

Memory exposure test [secunia.com]

The workaround until patched versions are released is to disable Javascript.

kaled

10:53 pm on Apr 5, 2005 (gmt 0)

I just ran the test a few times and it crashed Firefox.

All the data I saw seemed to belong to the current process.

Kaled.

digitalghost

10:57 pm on Apr 5, 2005 (gmt 0)

Nice crash. Thanks for that. ;) Seemed to clear image cache and that was about it. Akin to smashing a window with a hammer to see how it holds up under stress.