
Firefox Javascript Vulnerability Was A Joke



David Utter
Staff Writer
2006-10-03



Rather than demonstrating a dramatically vulnerable JavaScript engine in the Firefox browser, the speakers at ToorCon presented code that one of them has admitted will not enable remote code execution.


Mozilla's engineers will continue to investigate potential issues with the way Firefox handles JavaScript, even though Mischa Spiegelmock has now admitted their presentation at ToorCon was a hoax.

Spiegelmock and Andrew Wbeelsoi made the buzzworthy claim that Firefox was critically vulnerable to attack: its JavaScript virtual machine, they said, could be exploited in a way that would allow someone to run arbitrary code remotely on a person's machine.

Window Snyder, chief security officer for Mozilla, wrote that in initial testing, the code presented at the conference could cause a denial-of-service problem, sometimes crashing the browser.

She later followed up with another post based on an exchange with Spiegelmock, who wrote that he and Wbeelsoi were just trying "to be humorous":

As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution.

However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else's computer and execute arbitrary code.

I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities.

The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

I apologize to everyone involved, and I hope I have made everything as clear as possible.

Wbeelsoi claimed to have 30 undisclosed flaws he discovered in Firefox, and laughed off a request to submit them to Mozilla's Bug Bounty program.

That claim now looks less likely given Spiegelmock's statement.

About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
