
Is Firefox Really More Secure?

At the ToorCon hacker convention in San Diego, SixApart employee Mischa Spiegelmock recently called Firefox's security “a complete mess” and “impossible to patch”.

Spiegelmock and fellow presenter Andrew Wbeelsoi pointed to Firefox's implementation of JavaScript support and made light of the ease with which one could generate stack overflows in the Firefox JS engine, potentially allowing for remote code execution on the target machine.

Window Snyder, the Mozilla Organization's security chief, took the claims seriously and said “We're going to do some investigating.”

She also expressed some displeasure, which I would agree with, that Spiegelmock and Wbeelsoi may have revealed enough information during their presentation to put current Firefox users at risk.

Following the initial reaction, Spiegelmock proceeded to officially register the vulnerability and Mozilla Org has been taking it seriously.

What has emerged in the last few hours is a statement from Mischa, specifically indicating that their code sample would not result in anything other than a browser crash.

To quote him, “As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has. I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone else’s computer and execute arbitrary code.”

Mozilla Org must be pleased with this info but, according to Madame Snyder, it continues to take the vulnerability seriously and to investigate the root cause.

As for us, well, it has been exciting, if perhaps a touch melodramatic, while it lasted. For now we'll slip back into our warm and sleepy trust of Firefox security and hope that the episode might serve to encourage rather less sensational 2007 ToorCon presentations.

 