Archive | September 9, 2005

FireFox flaw found; researcher releases details prematurely; temporary fix available

Computerworld News reports Firefox flaw found: Remote exploit possible. “Computers running the Firefox Web browser could be open to remote attack as a result of a buffer overflow vulnerability reported today by a security researcher.”

In what sounds like a pretty irresponsible act, MozillaZine reports According to the News.com article, Ferris reported the flaw to the Mozilla Foundation on Sunday, in line with the Mozilla security bugs policy. However, he decided to make the vulnerability public “after a run-in with Mozilla staff”.

A description of how to disable the flaw is described in the article (also in the comments) and a patch will be forthcoming soon. Note that the flaw the same researcher reported to Microsoft last month (and did not disclose publicly) has still not been patched.

Powered by WordPress. Designed by Woo Themes

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.