The alleged critical flaws in
Firefox's JavaScript implementation have turned out to be a hoax, according to a report on
Heise Security.
The report claims that Mischa Spiegelmock - one of the two hackers that made the allegations - told Window Snyder, Mozilla's security chief that the main purpose of their talk was
"to be humourous." Sigh.
While the hole does exist and it is still possible to create a stack overflow using the exploit, it seems that Spiegelmock and Wbeelsoi over-exaggerated the implications that the flaw has on a user's system. Indeed, the only result that Spiegelmock has been able to produce is a browser crash.
In fact, nobody has managed to execute code using the exploit, including both Spiegelmock and Wbeelsoi. However, neither hacker has back tracked on the claims about the flawed JavaScript implementation - the claims were just sensationalised in order to make headlines.
Mozilla has stated that it will continue investigations into the flaws and will continue fix areas of code that could cause security issues. You can read the full report
here and thanks to
TechReport for the heads up.
Discuss in the forums
Want to comment? Please log in.