Apropos of nothing not OT

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View


Quoted text here. Click to load it


I popped the header from snipped-for-privacy@bfresh.net into a search engine and came
up with this news from Firefox:
http://www.virus.org/Article94.html

Another security bug has been discovered in the popular Mozilla Firefox
web browser that could leak potentially sensitive information from
memory.
The bug which has been found in versions of Firefox up to the latest
version 1.0.2 release can be used to leak information from heap memory
on the users computer. The bug itself lies in the JavaScript engine, a
“lambda” replace exposes arbitrary amounts of heap memory after the end
of the JavaScript string.

he issue has been confirmed by Secunia in versions 1.0.1 and 1.0.2 of
Firefox. You can find more information on this issue here:

http://secunia.com/advisories/14820 /
thanks to Secunia and they have a test here:

http://secunia.com/mozilla_products_arbitrary_memory_exposure_test /
to see if your vulnerable. However the issue was originally described
here http://cubic.xfo.org.ru/index.cgi?read53%004 (in Russian) by
Azafran.

The mozilla team have detailed the bug here:

https://bugzilla.mozilla.org/show_bug.cgi?id28%8688 and a fix has been
developed so expect to see a fresh release of Firefox soon. It looks
like this little bug has been around a while, given a comment is the bug
history in Bugzilla that it was in code first written way back in 1997,
so the chances are numerous incarnations of Mozilla and potentially
Netscape could be at risk.

I got a load of X's in my test, presumably I am in possession of a
liability. Disabling Javascript didn't help.



--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Re: Apropos of nothing not OT

OOPS!

Sorry about the cross post.


--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG

Site Timeline