Firefox zero-day hole overplayed

A pair of so-called "hackers" made headlines yesterday by claiming to have uncovered a zero-day exploit in Firefox. The hackers were reported to know of an additional 30 holes that they were withholding from the Mozilla security team. Heise Security now reports that the hackers' announcement was largely a hoax, and that the worst the aforementioned security hole can do is cause a browser crash—not allow malicious users to take control of affected systems, as one of the hackers initially suggested. The Heise Security report also quotes the same hacker as saying he knows nothing about the 30 holes mentioned by sites like ZDNet yesterday. However, the hacker did not backtrack on his claims about Firefox's flawed JavaScript implementation, and Mozilla's security team intends to continue its investigation in order to track down any potential flaws.
Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.