Hackers claim zero-day flaw in Firefox
An anonymous reader writes "The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here."
Slightly offtopic... (Score:4, Interesting)
Recent fixes (Score:5, Interesting)
#353249 [Core:JavaScript Engine]-(undisclosed security fix) [All]
#354924 [Core:JavaScript Engine]-(undisclosed security fix) [All]
#354945 [Core:JavaScript Engine]-(undisclosed security fix) [All]
I wonder if these are related to the alleged flaws?
Branches? (Score:3, Interesting)
Re:Impossible to patch? (Score:5, Interesting)
One of these guys works for SixApart (Score:5, Interesting)
Re:Good policies will often save you. (Score:2, Interesting)
One of Opera's employees has an interesting blog [opera.com] in which he explains what he has to do in Opera browser.js patches. There's also a Firefox category [opera.com], where he occasionally rants about things such as object.prototype.eval, event.originalTarget, etc.
Even if you're not interested in Opera, check the blog out; there's some really interesting WTF material there in all categories.
Re:Impossible to patch? (Score:2, Interesting)
Re:Slightly offtopic... (Score:1, Interesting)
RMS, are you listening? (Score:1, Interesting)
OSS needs this in licenses. Forget the DRM stuff GPLv3 is trying to deal with, let's try to deal with a real problem that we can solve. This is a minor act of terrorism-like behavior: they go out, announce they have a bunch of exploits that they aren't going to publish and basically say they would rather get them to other black hats rather than Mozilla to fix them. That should be criminal and if it's not and since I don't trust the government to do it right, Mozilla should have recourse to sue these guys for damages and to figure out fixes to the problem.
Look at the Apple wireless thing, same exact problem. We'll never know if there was a real exploit, it will never be released or actually demoed. Any time Apple fixes anything in the wireless area (and they'll continue to fix stuff for years) a group of people will simply parrot that the whole thing was real, another group will do the same and echo the fraud charges. The fact remains that it is the least responsible disclosure, it is an attempt to generate fear that cannot be fixed and generate some fame and defame another company all at once.
RMS, mandate full disclosure in the next GPL.
a lot of ignorant nonsense (Score:3, Interesting)
If the operations that JavaScript can perform are properly restricted (which they pretty much already are) and the implementation is properly sandboxed (which apparently it isn't right now on Firefox) then you can run an arbitrary JavaScript program without consequences.
JavaScript is important to many companies' business models, and if you haven't noticed already, the web has moved to using *more* JavaScript lately, not less. People use JavaScript to deploy fairly thick clients, to asynchronously update a page without postbacks. Some web toolkits don't even render most HTML on the server, but send data to the client, and let the client handle display.
The bottom line is that businesses now widely use the web to distribute *applications* in a way that they used thin clients to distribute applications in the past. For them, the web is the new X forwarding. Using browsers sans JavaScript is not an option for them, so it is not going to happen.
What really needs to happen is better sandboxing. Also, sandboxing has to go further than it has in the past. One problem that JavaScript has is that it can use up a lot of processor time, and effectively bring the system to a halt, or at least cause usability problems in other applications. Browsers need to regulate the CPU and memory resources that JavaScript can use better to ensure that this doesn't happen.
Re:Slightly offtopic... (Score:3, Interesting)
"Man, that virus didn't break my OS, so I am the roxor!!!" But it stole your identity, charged up your credit cards and ruined your credit rating, all in user space.