The alleged critical flaws in Firefox's JavaScript implementation have turned out to be a hoax, according to a report on Heise Security.
The report claims that Mischa Spiegelmock - one of the two hackers that made the allegations - told Window Snyder, Mozilla's security chief that the main purpose of their talk was "to be humourous." Sigh.
While the hole does exist and it is still possible to create a stack overflow using the exploit, it seems that Spiegelmock and Wbeelsoi over-exaggerated the implications that the flaw has on a user's system. Indeed, the only result that Spiegelmock has been able to produce is a browser crash.
In fact, nobody has managed to execute code using the exploit, including both Spiegelmock and Wbeelsoi. However, neither hacker has back tracked on the claims about the flawed JavaScript implementation - the claims were just sensationalised in order to make headlines.
Mozilla has stated that it will continue investigations into the flaws and will continue fix areas of code that could cause security issues. You can read the full report here and thanks to TechReport for the heads up.
Discuss in the forums
The report claims that Mischa Spiegelmock - one of the two hackers that made the allegations - told Window Snyder, Mozilla's security chief that the main purpose of their talk was "to be humourous." Sigh.
While the hole does exist and it is still possible to create a stack overflow using the exploit, it seems that Spiegelmock and Wbeelsoi over-exaggerated the implications that the flaw has on a user's system. Indeed, the only result that Spiegelmock has been able to produce is a browser crash.
In fact, nobody has managed to execute code using the exploit, including both Spiegelmock and Wbeelsoi. However, neither hacker has back tracked on the claims about the flawed JavaScript implementation - the claims were just sensationalised in order to make headlines.
Mozilla has stated that it will continue investigations into the flaws and will continue fix areas of code that could cause security issues. You can read the full report here and thanks to TechReport for the heads up.
Discuss in the forums
RELATED ARTICLES
MSI MPG Velox 100R Chassis Review
October 14 2021 | 15:04
Want to comment? Please log in.