Window Snyder, the Mozilla Organization's security chief, took the claims seriously and said "We're going to do some investigating."
She also expressed some displeasure, which I would agree with, related to the fact that Spiegelmock and Wbeelsoi may have revealed enough information during their presentation as to put current Firefox users at risk.
Following the initial reaction, Spiegelmock proceeded to officially register the vulnerability and Mozilla Org has been taking it seriously.
What has emerged in the last few hours is a statement from Mischa, specifically indicating that their code sample would not result in anything other than a browser crash.
To quote him, "As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has. I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven't used it to take over anyone elseâ€™s computer and execute arbitrary code."
Mozilla Org must be pleased with this info, but according to Madame Snyder, continues to take the vulnerability seriously and investigate the root cause.
As for us, well it has been exciting, if perhaps a touch melodramatic, while it lasted. For now we'll slip back into our warm and sleepy trust of Firefox security and hope that the episode might serve to encourage rather less sensational 2007 ToorCon presentations.
CMSWire is a leading, native digital publication produced by Simpler Media Group, Inc. We provide articles, research and events for sophisticated professionals driving digital customer experience strategy, evolving the digital workplace and creating intelligent information management practices. The CMSWire team produces 450+ authoritative articles per quarter for our 750,000 community members. Join us as a subscriber.