Jump to content

Mozilla Products Subject To Memory Reading


Recommended Posts

A vulnerability has been discovered in Mozilla products which can be exploited by malicious people to gain knowledge of potentially sensitive information.

 

The vulnerability is caused due to an error in the JavaScript engine, as a "lambda" replace exposes arbitrary amounts of heap memory after the end of a JavaScript string.

 

Successful exploitation may disclose sensitive information in memory.

 

http://secunia.com/mozilla_products_arbitr..._exposure_test/

 

This was discovered on April 4 and is still not patched.

Edited by carbonize
Link to post
Share on other sites

That would make no difference as the products store saved sata in a flat file. This exploit lets javascript read what is in the memory so if you have visited a web page with a form then the information you submitted is usually still in the memory. Try filling out a form, submitting it then clicking back, your data is stil in the form as it has been kept in memory (or possibly cached not 100% on that one but can't see it caching form entries)

Link to post
Share on other sites

It's already fixed on the nightly versions, which not everyone is comfortable with but nonetheless, I'm starting to be annoyed by the delays in releasing certain security fixes from the Mozilla guys... I mean, they used to be great but are they trying to become the next MS of security fixes? :)

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...