Firefox Zero-Day Code Execution Hoax?
A public claim by hackers that Mozilla's Firefox browser contains multiple code execution vulnerabilities may be an overblown hoax.
Spiegelmock, a developer at Six Apart, a blog software company in San Francisco, now says the ToorCon talk was meant "to be humorous" and insists the code presented at the conference cannot result in code execution.
Spiegelmock's strange about-face comes as Mozilla's security response team is racing to piece together information from the ToorCon talk to figure out how to fix the issue.
Mozilla security chief Window Snyder, who was an attendee at the conference, said the company is treating the claims as real until they can be verified otherwise but, as of Oct. 2, the open-source group could only reproduce a denial-of-service issue that caused a browser crash.
"In some cases this causes a crash based on an out-of-memory error. Based on the information we have at this time we have not been able to confirm whether an attacker can achieve code execution. We're still investigating," Snyder said.