is upon us and with it comes a bit of bad news for users of the Firefox web
browser! Yet another possible flaw in
Windows, OS X and Linux users of Firefox.
Mischa Spiegelmock and Andrew Wbeelsoi gave a presentation where they
detailed the flaw and even presented a slide which displayed parts of the code
required to exploit it. Mozillas
security chief (Window Snyder, formerly with Microsoft) said that she wasnt
happy about the disclosure saying It looks like they had enough information in
their slide for an attacker to reproduce it adding I think it is unfortunate
because it puts users at risk, but that seems to be their goal. The two presenters claimed to know of another
30 un-patched Firefox vulnerabilities and laughed off any suggestions that they
disclose them and collect the $500 pre piece reward.
Spiegelmock said that this flaw is specific to Firefoxs
impossible to patch. Warnings over the
Firefox development process were being cried as far back a 2005 and concern seems
to be increasing. Is Firefoxs security
through obscurity finally over?