Re: Firefox Javascript information disclosure

From: Michael Pelletier (mjpelletier_at_mjpelletier.com)
Date: 04/10/05


Date: Sun, 10 Apr 2005 01:06:04 -0700

winged wrote:

> Folks know I am a Firefox fan, however folks should be aware there is a
> new information disclosure bug in Firefox that is rated moderately
> critical. Looking at the bug I can see why it may be considered so
> however I believe the information disclosed would probably be minor,
> haven't seen a bug fix outside of disabling Java scripting. There is
> more here along with a test that shows you the memory dump it can provide.
>
> http://secunia.com/advisories/14820/
>
> Winged

A few notes. Do not get freaked out; remember a couple of things:

1) The info leak will only display a small fragment of YOUR memory (i.e. your
processes), not the system's (privileged memory).

2) It is such a small fragment that the chances of it revealing something
remotely interesting are almost nil.

In either case, a patch is due to come out in a couple of days...

Michael

-- 
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvalds

