- Firefox JavaScript information disclosure
- Posted by winged on April 8th, 2005
Folks know I am a Firefox fan; however, folks should be aware there is a
new information disclosure bug in Firefox that is rated moderately
critical. Looking at the bug, I can see why it may be considered so;
however, I believe the information disclosed would probably be minor. I
haven't seen a bug fix outside of disabling JavaScript. There is
more here, along with a test that shows you the memory dump it can provide.
http://secunia.com/advisories/14820/
Winged
- Posted by Michael Pelletier on April 10th, 2005
winged wrote:
A fix is coming in a couple of days...
Michael
--
"Microsoft isn't evil, they just make really crappy operating systems." -
Linus Torvalds
- Posted by Michael Pelletier on April 10th, 2005
winged wrote:
A few notes. Do not get freaked out; remember a couple of things:
1) The info leak will only display a small fragment of YOUR memory (i.e. your
processes), not the system's (privileged memory).
2) It is such a small fragment that the chances of it revealing something
remotely interesting are almost nil.
In either case, a patch is due to come out in a couple of days...
Michael
- Posted by winged on April 12th, 2005
Michael Pelletier wrote:
IE where one can run the code of choice of the attacker. Of the two,
I'll take the random info disclosure. If you have the ability to filter
outbound info, you can put logins/passwords, SSNs, credit card numbers
(partial) in filters to alert you when they attempt to traverse the
firewall.
Winged