The security team at Mozilla Corp. is looking into a flaw in its Firefox Web browser that hackers exposed at a conference in San Diego over the weekend.
In a presentation at the ToorCon hacker conference on Saturday, hackers Mischa Spiegelmock and Andrew Wbeelsoi demonstrated exploit code for a vulnerability in the way Firefox handles Javascript.
On Monday, Mozilla said it was busy investigating the flaw, and did not offer any security researchers for comment because, according to spokeswoman Mary Colvig, they were all "heads down" on the problem. The company also said it will patch the flaw if it deems that action necessary.
The vulnerability could allow someone to execute a memory corruption attack on Firefox if a user browsed to a Web site that contained the exploit code, said Ken Dunham, director of the rapid response team at security services company iDefense, a VeriSign company.
"If you were to go to a Web site that contained the exploit code, it would fill up the available memory on the computer," he said. This would create an environment in which an attacker could take over the computer to do something harmful, he added.
Dunham said that iDefense labs tested the exploit code, and it was "unreliable" and crashed the Firefox browser. Because of this, he does not consider the exploit to be a critical threat to Firefox. However, "someone could make some changes to the exploit code and make it more reliable," Dunham said.
He added that there are other, more critical unpatched flaws in both Firefox and Microsoft Corp.'s Internet Explorer browser that are currently under attack by hackers.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Applications Resource Alerts
Recommend This
