Firefox Vulnerability Puts Sensitive Information at Risk

The vulnerability comes less than six weeks after the Mozilla Foundation released a security update to the Firefox browser that included several fixes to guard against spoofing and arbitrary code execution.

JavaScript Error

"The vulnerability is caused due to an error in the JavaScript engine, as a 'lambda' replace exposes arbitrary amounts of heap memory after the end of a JavaScript string," said the Secunia advisory.

The vulnerability has been confirmed in versions 1.0.1 and 1.0.2. Other versions may also be affected.

Secunia has released an online test to allow Firefox and Mozilla users to determine if they are affected by the bug. The advisory said the immediate solution is to disable JavaScript support .

Firefox Versus Internet Exlporer

Web vulnerabilities are not at all unusual, evidenced by Secunia's deep online library of security advisories about Firefox, Microsoft's (Nasdaq: MSFT) Internet Explorer, Apple's (Nasdaq: AAPL) Safari and others.

In fact, Jupiter Research analyst Joe Wilcox told TechNewsWorld that vulnerabilities are just "part of the ballgame."

"Flaws will be found because flaws exist and that's going to be true for any Web browser," Wilcox said. "The real question over time is whether the Mozilla folks can keep up with finding problems and then deploying patches in the most efficient manner."

Microsoft's Advantage

That, said Wilcox, is where Microsoft has an advantage in the marketplace. Microsoft has a team dedicated to looking for vulnerabilities, developing patches and distributing them while Firefox has limited resources.

"Just think of Windows Update, for example, and the amount that Microsoft invested in that infrastructure over many years," Wilcox said. "That's a very powerful distribution for getting patches out as quickly and efficiently as possible Firefox doesn't have anything like that."

Secunia's online test for the bug is available via its Web site.