Hot on the heels of new Firefox security chief Window Snyder...

Logan King
October 1, 2006

A new and possibly crippling flaw in Firefox is discovered.


"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

The flaw is specific to Firefox's implementation of JavaScript, a 10-year-old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."

It appears to me that all that is needed to avoid it is NoScript and some common sense, but those without either may be in very large trouble.

