Linked by Thom Holwerda on Sun 1st Oct 2006 19:45 UTC, submitted by rx182
Mozilla & Gecko clones
The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X, and Linux, they said.
The truth
by JohnX on Sun 1st Oct 2006 20:59 UTC
JohnX Member since:
2005-11-06

Actually most Firefox security issues are known long before a patch is issued. They make the flaws public one day before the patch to give the impression that they are fast patching... The reality is that these errors have been known in black hat forums for months. Mozilla does nothing.

RE: The truth
by unapersson on Mon 2nd Oct 2006 15:39 in reply to "The truth"
unapersson Member since:
2005-07-19

Bugzilla entries have date stamps, it's very easy to see when the bug was reported and when it was fixed. That's a pretty transparent process.

Are you saying they file new bugs for old security issues, just to get the fix date close to the report date? What happens to the original bugzilla entry?

Score: 1

RE[2]: The truth
by deathshadow on Mon 2nd Oct 2006 16:04 in reply to "RE: The truth"
deathshadow Member since:
2005-07-12

>> Are you saying they file new bugs for old
>> security issues, just to get the fix date close
>> to the report date? What happens to the original
>> bugzilla entry?

It goes 'unconfirmed'... Like the 'memory leak' that was revealed to be a 'feature' and has multiple bug entries dating back all the way to FF 0.89

That it seems even 2.0 RC1 STILL HAS.

Of course, if it's a feature, why do other browsers lack it?

Score: 3