To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/malware/0,3800003100,39129316,00.htm

Security flaw found in Firefox
Users at risk from "moderately critical" hole…

By Dawn Kawamoto

Published: Wednesday 06 April 2005

A flaw has been discovered in the popular open-source browser Firefox that potentially could release sensitive information stored in memory, according to a report by security information company Secunia.

While the flaw is only rated as "moderately critical," the rapid adoption of the open-source browser may put a growing number of users at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached eight million within the first 18 months.

Firefox versions 1.0.1 and 1.0.2 contain the flaw, Secunia said.

The vulnerability stems from an error in the JavaScript engine, according to Secunia. This error can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory.

"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other websites you visited and the information you entered there," said Thomas Kristensen, Secunia's CTO.

Mozilla is currently working on a patch, and no known cases have been reported, said a Mozilla spokesman.

Secunia has developed a test that allows users to gauge whether their systems are affected by the vulnerability.

Dawn Kawamoto writes for CNET News.com