Explore Newsletters from ECT News Network » View Samples | Subscribe
Welcome Guest | Sign In
TechNewsWorld.com

Firefox Vulnerability Puts Sensitive Information at Risk

By Jennifer LeClaire LinuxInsider ECT News Network
Apr 5, 2005 8:34 AM PT

A vulnerability has been discovered in the Firefox Web browser that could be exploited by malicious people to gain knowledge of potentially sensitive information, according to an advisory from security research firm Secunia.

Firefox Vulnerability Puts Sensitive Information at Risk

The vulnerability comes less than six weeks after the Mozilla Foundation released a security update to the Firefox browser that included several fixes to guard against spoofing and arbitrary code execution.

JavaScript Error

"The vulnerability is caused due to an error in the JavaScript engine, as a 'lambda' replace exposes arbitrary amounts of heap memory after the end of a JavaScript string," said the Secunia advisory.

The vulnerability has been confirmed in versions 1.0.1 and 1.0.2. Other versions may also be affected.

Secunia has released an online test to allow Firefox and Mozilla users to determine if they are affected by the bug. The advisory said the immediate solution is to disable JavaScript support.

Firefox Versus Internet Exlporer

Web vulnerabilities are not at all unusual, evidenced by Secunia's deep online library of security advisories about Firefox, Microsoft's Internet Explorer, Apple's Safari and others.

In fact, Jupiter Research analyst Joe Wilcox told TechNewsWorld that vulnerabilities are just "part of the ballgame."

"Flaws will be found because flaws exist and that's going to be true for any Web browser," Wilcox said. "The real question over time is whether the Mozilla folks can keep up with finding problems and then deploying patches in the most efficient manner."

Microsoft's Advantage

That, said Wilcox, is where Microsoft has an advantage in the marketplace. Microsoft has a team dedicated to looking for vulnerabilities, developing patches and distributing them while Firefox has limited resources.

"Just think of Windows Update, for example, and the amount that Microsoft invested in that infrastructure over many years," Wilcox said. "That's a very powerful distribution for getting patches out as quickly and efficiently as possible Firefox doesn't have anything like that."

Secunia's online test for the bug is available via its Web site.


Forrester names NICE inContact CXone a leader in cloud contact center software
Which of these technology gifts would you most like to receive?
Portable Power Charger
Remote Video Monitoring System
Smart Speaker
Smart Thermostat
Smart Watch
Streaming TV Player
Video Doorbell
VR Gaming Headset
WiFi Signal Booster
Wireless Earbuds / Headphones
Forrester names NICE inContact CXone a leader in cloud contact center software