By TechWeb Technology News
Both Firefox and the Mozilla browser suite are vulnerable to attacks through flawed JavaScript engines, a security firm reported Monday.
The Mozilla Foundation's open-source browsers can be exploited by hackers to gain access to data currently in memory (but not information only stored on the hard drive), said the Danish security company Secunia.
According to Mozilla, use of a JavaScript "lambda" replace can expose arbitrary amounts of heap memory after the end of a JavaScript string. "Successful exploitation may disclose sensitive information in memory," said Secunia in its online alert.
The bug has been confirmed in the most recent versions of Firefox (1.0.2) and Mozilla (1.7.6), and at the moment, no patch is available. (Developers are working on one, however; to track what they're up to, check out this page on Bugzilla.)
Secunia recommends that users temporarily disable JavaScript support for what it considers a "moderately critical" bug.
Firefox and Mozilla users can try this test that Secunia has created to confirm that their browser is vulnerable.
Try TechWeb's RSS Feed!Lowes seeking Information Security Analyst II in North Wilkesboro, NC
United Nations Foundation seeking Systems Administrator in Washington, DC
World Book seeking Java Technical Lead in Chicago, IL
Advanced Workstations in Education seeking Software Developer in Chester, PA
Silicon Labs seeking Automotive Market Segment Director in Austin, TX
For more great jobs, career-related news, features and services, please visit our Career Center.
TechWeb's FREE e-mail newsletters deliver the news you need to come out on top.
Get definitions for more than 20,000 IT terms.
Editorial and vendor perspectives
