A flaw has been discovered in the popular open-source browser Firefox that potentially could release sensitive information stored in memory, according to a report by security information company Secunia.
While the flaw is only rated as "moderately critical," the rapid adoption of the open-source browser may put a growing number of users at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.
Firefox versions 1.0.1 and 1.0.2 contain the flaw, Secunia said.
The vulnerability stems from an error in the JavaScript engine, according to Secunia. This error can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory.
Soruce: http://news.com.com/Flaw+found+in+Firefox/2100-1029_3-5655861.html?tag=nefd.top
- Note: The Soruce link contains a test to see wether the security hole has affected you.
While the flaw is only rated as "moderately critical," the rapid adoption of the open-source browser may put a growing number of users at risk. Prior to the release of version 1.0, downloads of earlier versions of the browser had reached 8 million within the first 18 months.
Firefox versions 1.0.1 and 1.0.2 contain the flaw, Secunia said.
The vulnerability stems from an error in the JavaScript engine, according to Secunia. This error can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory.
Soruce: http://news.com.com/Flaw+found+in+Firefox/2100-1029_3-5655861.html?tag=nefd.top
- Note: The Soruce link contains a test to see wether the security hole has affected you.