carbonize Posted April 12, 2005 Posted April 12, 2005 (edited) A vulnerability has been discovered in Mozilla products which can be exploited by malicious people to gain knowledge of potentially sensitive information. The vulnerability is caused due to an error in the JavaScript engine, as a "lambda" replace exposes arbitrary amounts of heap memory after the end of a JavaScript string. Successful exploitation may disclose sensitive information in memory. http://secunia.com/mozilla_products_arbitr..._exposure_test/ This was discovered on April 4 and is still not patched. Edited April 12, 2005 by carbonize Quote
DarqFlare Posted April 13, 2005 Posted April 13, 2005 Hm.. Good thing I don't have it save fields... Quote
carbonize Posted April 13, 2005 Author Posted April 13, 2005 That would make no difference as the products store saved sata in a flat file. This exploit lets javascript read what is in the memory so if you have visited a web page with a form then the information you submitted is usually still in the memory. Try filling out a form, submitting it then clicking back, your data is stil in the form as it has been kept in memory (or possibly cached not 100% on that one but can't see it caching form entries) Quote
TCH-Thomas Posted April 13, 2005 Posted April 13, 2005 There is a Firefox 1.0.3 and Mozilla 1.7.7 on its way. Lets hope they fix this in the updates. Quote
borfast Posted April 13, 2005 Posted April 13, 2005 It's already fixed on the nightly versions, which not everyone is comfortable with but nonetheless, I'm starting to be annoyed by the delays in releasing certain security fixes from the Mozilla guys... I mean, they used to be great but are they trying to become the next MS of security fixes? Quote
carbonize Posted April 13, 2005 Author Posted April 13, 2005 I stopped using the nightlies a long time ago due to the fact they are making major changes which stop a lot of extensions working and I like my tab browser preferences. Quote
carbonize Posted April 13, 2005 Author Posted April 13, 2005 (edited) Ah they are getting ready to release preview versions of Firefox 1.1 according to http://www.spreadfirefox.com/ Edited April 13, 2005 by carbonize Quote
ripefis Posted April 16, 2005 Posted April 16, 2005 I stopped using the nightlies a long time ago due to the fact they are making major changes which stop a lot of extensions working and I like my tab browser preferences. <{POST_SNAPBACK}> Any word on new features? Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.