Firefox Gets Vulnerable With JavaScript

The hackers, Mischa Spiegelmock and Andrew Wbeelsoi tried to explain at the 'ToorCon hacker' conference in San Diego that the Firefox flaw could make anyone a victim running the browser. The flaw is due to the Internet language JavaScript in browser's programming. An attacker could compromise such a computer and gain access over it by constructing a Web page that is written by a malicious JavaScript code. The duo in a presentation said that the flaw could make an impact on Firefox running on Windows, Apple's Mac OS X and Linux.

The hackers demonstrated the details of the flaw in a slide presentation, which showed the prime parts of the attack code essential to exploit Firefox and the PC running it. There are various JavaScript techniques, which when applied to the system can cause a 'stack overflow' error irrespective of the Operating System running on the PC.

The flaw discussed above pertains only to the Firefox's implementation of JavaScript, the scripting language widely used on the Web since a decade. Spiegelmock said the implementation is a total confusion and it is impossible to patch it.

Window Snyder, security chief of Mozilla said that the flaw could be a variation of an earlier attack and the present one appeared to be a real vulnerability. She further said that if the problem is related to the way the browser handles the JavaScript, then it is unlikely to have an early solution and it would take some time. She, therefore, advises Firefox users to turn off JavaScript for the time being till Mozilla has more information about the flaw.

Firefox was mainly brought to use as an alternative to Internet Explorer. Since IE always has a large user base, it has been the prime target for hackers. Also, it is easy to exploit and can be used to distribute worms and viruses. But with the growth in Firefox users, it too is becoming the hackers' target.

Related article: Firefox 2.0 Can’t Keep Pace with IE7

» SPAMfighter News - 10/9/2006