Re: Firefox Javascript information disclosure

From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: 04/10/05


Date: Sun, 10 Apr 2005 01:06:04 -0700

winged wrote:

> Folks know I am a Firefox fan, however folks should be aware there is a
> new information disclosure bug in Firefox that is rated moderately
> critical. Looking at the bug I can see why it may be considered so
> however I believe the information disclosed would probably be minor,
> haven't seen a bug fix outside of disabling Java scripting. There is
> more here along with a test that shows you the memory dump it can provide.
>
> http://secunia.com/advisories/14820/
>
> Winged

A few notes. Do not get freaked out remember a couple of things:

1) The info leak will only display a small fragment of YOUR memory (ie your
processes) not the system's (privileged memory)

2) It is such a small fragment the chances of it revealing something
remotely interesting is almost nil.

In either case a patch is due to come out in a couple of days...

Michael

-- 
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvald