ToorCon is upon us and with it comes a bit of bad news for users of the Firefox web browser! Yet another possible flaw in Firefox’s JavaScript handling means that malicious code execution threatens Windows, OS X and Linux users of Firefox.

Mischa Spiegelmock and Andrew Wbeelsoi gave a presentation where they detailed the flaw and even presented a slide which displayed parts of the code required to exploit it. Mozilla’s security chief (Window Snyder, formerly with Microsoft) said that she wasn’t happy about the disclosure, saying “It looks like they had enough information in their slide for an attacker to reproduce it” and adding “I think it is unfortunate because it puts users at risk, but that seems to be their goal”. The two presenters claimed to know of another 30 unpatched Firefox vulnerabilities and laughed off any suggestions that they disclose them and collect the $500 per piece reward.

Spiegelmock said that this flaw is specific to Firefox’s implementation of JavaScript, which he claimed is a ‘complete mess’ and ‘impossible to patch’. Warnings about the Firefox development process were being sounded as far back as 2005, and concern seems to be increasing. Is Firefox’s security through obscurity finally over?