Apropos of nothing not OT

I popped the header from snipped-for-privacy@bfresh.net into a search engine and came up with this news from Firefox:

Another security bug has been discovered in the popular Mozilla Firefox web browser that could leak potentially sensitive information from memory. The bug which has been found in versions of Firefox up to the latest version 1.0.2 release can be used to leak information from heap memory on the users computer. The bug itself lies in the JavaScript engine, a ?lambda? replace exposes arbitrary amounts of heap memory after the end of the JavaScript string.

he issue has been confirmed by Secunia in versions 1.0.1 and 1.0.2 of Firefox. You can find more information on this issue here:

thanks to Secunia and they have a test here:

to see if your vulnerable. However the issue was originally described here (in Russian) by Azafran.

The mozilla team have detailed the bug here:

and a fix has been developed so expect to see a fresh release of Firefox soon. It looks like this little bug has been around a while, given a comment is the bug history in Bugzilla that it was in code first written way back in 1997, so the chances are numerous incarnations of Mozilla and potentially Netscape could be at risk.

I got a load of X's in my test, presumably I am in possession of a liability. Disabling Javascript didn't help.

--
Posted via Mailgate.ORG Server - http://www.Mailgate.ORG