April 5, 2005 2:24 PM PDT

Flaw found in Firefox

A flaw has been discovered in the popular open-source browser Firefox that could expose sensitive information stored in memory, Secunia has warned.

Firefox versions 1.0.1 and 1.0.2 contain the vulnerability, the security information company said in an advisory on Monday. The flaw stems from an error in the JavaScript engine that can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory, Secunia said.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other Web sites you visited and the information you entered there," said Thomas Kristensen, Secunia chief technology officer.

While the flaw is only rated as "moderately critical" by Secunia, the rapid adoption of the open-source browser means that many users may be at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.

The Mozilla Foundation, which makes the Firefox browser, is working on a patch, and no cases have been reported, a representative for the group said.

Secunia has developed a test that allows people to see whether their system is affected by the vulnerability.


10 comments
already fixed, soon
by xpgeek11 April 5, 2005 3:45 PM PDT
Firefox 1.03 coming out within days, this already fixed.

Running an Aviary of 1.03 right now.
The release candidate of version 1.0.3...
by feranick April 5, 2005 5:22 PM PDT
... can be found here:
http://weblogs.mozillazine.org/asa/archives/007896.html

It's not yet final, but if you are really worried about this flaw, you can get this version.
This is news
by pcLoadLetter April 5, 2005 5:43 PM PDT
When an IE/XP flaw is found, that just means it is a new day.

When a FF flaw is found it is news as it is a fairly uncommon event. Of course, they have a release candidate up and running. While Microsoft would be waiting until the next patch cycle, at the minimum.

Sure, it would have been better if this flaw did not exist, but no one can claim that Mozilla is not pro-active and quick to react to any problems.
Firefox Flaw
by April 7, 2005 1:02 PM PDT
Wow. More people are using it, and flaws are starting to appear. What a concept.
Flawed Perception
by System Tyrant April 7, 2005 2:15 PM PDT
I find it amusing that we all have resorted to pointing out flaws in software. Mozilla never said there wouldn't be flaws. I don't think Microsoft said anything like that either. Flaws are an inevitable part of anything. I think many have made that point over and over again.

I am amazed at the sides people take. It doesn't really have to do with the quality of software; it's more about who is right and who is wrong.

It's true that the more people using a piece of software (Firefox in this case) the more flaws are going to be found. The real issue is how bad are they, how fast do they get fixed, and how is the fix implemented. I will be honest with you, I don't like redownloading the entire program to fix a flaw. In my opinion it's like rereading the dictionary to find a single word. With the software it may be the best bet, but it's still annoying. On the other hand I find that I like Firefox better than other browsers and so I make a compromise on how it's patched.