'Hackers' claim Firefox is fundamentally flawed

— 11:29 AM on October 2, 2006

Mischa Spiegelmock and Andrew Wbeelsoi, two hackers who say they've found a zero-day security hole in Firefox, are claiming the browser's JavaScript implementation is fundamentally flawed. The hole in question was unveiled at the ToorCon hacker conference, and it can reportedly be exploited to cause a stack overflow much like a number of past JavaScript security holes have done in previous versions of Firefox. However, the root of the problem is allegedly Firefox's JavaScript implementation, which the hackers say is a "complete mess" that's "impossible to patch." Overall, the hackers claim they know of 30 unpatched Firefox flaws.

ZDNet asked Mozilla security chief Window Snyder about the flaw uncovered by the hackers at the conference, and she said it appeared legit. She added that the flaw could be a variation on an old attack, and that Mozilla would investigate the matter. Mozilla security staffer Jesse Ruderman also attempted to convince the hackers to reveal the bugs via Mozilla's bug bounty program, which awards $500 for every security flaw found, but the hackers reportedly laughed off the offer. They claimed their withholding of the information is "for the greater good of the Internet," and that they are "setting up communication networks for black hats [malicious hackers]." Thanks to The Inquirer for the tip.
