
Hackers claim zero-day flaw in Firefox

An anonymous reader writes "The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here."
This discussion has been archived. No new comments can be posted.

  • Moo (Score:5, Funny)

    by Chacham ( 981 ) on Sunday October 01, 2006 @10:36AM (#16265391) Homepage Journal
    In response, Mozilla Corporation has stated that since the hackers did not submit the hack for verification, and they may not call it a "FireFox" hack, in compliance with their Trademark policy. Further, if anyone did take over a browser with this hack, they would have to change the icon or face vague threats.

    The hackers plan to release the next version of the hack under the name IceWeasel Hack, while grumbling about backports. Debian developers have been debating whether they should include the hack in Etch or not.
  • by MicrosoftRepresentit ( 1002310 ) on Sunday October 01, 2006 @10:36AM (#16265393)
    Why do they all say this in vulnerability reports? Do hackers carve their pages out of stone or something? Do they whittle them out of sticks? It makes me fucking sick!
  • Re:Oink (Score:5, Funny)

    by BeeBeard ( 999187 ) on Sunday October 01, 2006 @10:41AM (#16265411)
    (sarcasm) Yes, our only hope is that Debian developers can patch the hole in time! (end sarcasm)

  • by failure-man ( 870605 ) <failureman&gmail,com> on Sunday October 01, 2006 @10:48AM (#16265469)
    And if that's not obscure enough, there's always Lynx. ;)
  • by Rendo ( 918276 ) on Sunday October 01, 2006 @11:05AM (#16265583)
    I can turn a computer into a giant man eating robot with a few external peripherals and some malicious code in the Kernel.... Do you want some proof of that? Don't answer the door if you hear *in robot voice of course* "Humans detected... Num.... Num..... Num......"
  • by shawn443 ( 882648 ) on Sunday October 01, 2006 @11:40AM (#16265905)
    I am not a javascript hater, it is very useful. The fact that you can transfer some of the processing to the client is a very valuable thing in my book. Considering most forms are validated at the client level I wonder how you define correctly coded web sites working 100%. I suppose however there isn't anything stopping a server from validating if the client refuses, it just means twice the coding. I just got done with a hand rolled image gallery using javascript, if you want to download every thumbnail or see just a collection of links that is fine. I recently implemented AuthCookieDBI for session based authentication. Rather than my server worrying about the headers and directing to the appropriate user section, I named the client folders after the user name. With just onblur and getElementById the client appends and passes all the information I need. I think if most users disabled javascript my work would be much harder and their experience would be less enjoyable. As far as the security issues, I think after time we will see those steadily evaporate. Right now I feel comfortable enough to risk having it on.
  • by init100 ( 915886 ) on Sunday October 01, 2006 @01:17PM (#16266825)

    What the fuck does Microsoft have to do with this?

    Because as everyone knows, Microsoft is evil, and thus they must be behind this. :)

  • by Anonymous Coward on Sunday October 01, 2006 @01:59PM (#16267203)
    Determined not to be upstaged by the Mozilla developers, now that Firefox has a 0 day exploit too, Microsoft's IE team has announced that they've started working on technology that will allow their browser to have -1 day exploits.
  • by SeaFox ( 739806 ) on Sunday October 01, 2006 @02:13PM (#16267331)
    but why doesn't this story have a "from the ____ department" subheader?

    Taco was going to write "From the Firefox dept." but he wasn't interested in paying trademark licensing fees. Plus there was any place to include the logo and they cannot be separated!
