We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

The 'unpatchable' flaw in Firefox

JavaScript handling error poses big problem

Two hackers over the weekend disclosed an 'unpatchable' security flaw in the Firefox browser, possibly giving out enough information for attackers to replicate the bug, according to a report.

Mischa Spiegelmock and Andrew Wbeelsoi made the presentation, called 'Lovin the LOLs, LOL is my will', at the ToorCon hacker conference in San Diego on Saturday. They said Firefox's implementation of JavaScript is responsible for the flaw, which they called "a complete mess", according to a report from industry journal ZDNet.

The bug affects Firefox on Windows, Mac OS X and Linux, and means that attackers could compromise a system simply by adding particular JavaScript code to a website, the hackers said. The exploit causes a stack overflow error, according to the report.

Spiegelmock and Wbeelsoi said Firefox's implementation of JavaScript would be "impossible to patch", according to the report. Mozilla acknowledged that the bug could be difficult to fix if it involves the JavaScript virtual machine.

The disclosure follows several days of security difficulties for Microsoft's IE (Internet Explorer) browser. Last week Microsoft issued an emergency patch for IE after attackers began exploiting an unpatched security flaw on thousands of websites. The bug was used to plant a wide variety of malicious programs on users' systems.

Last month Symantec published a report showing that Firefox had acknowledged more security holes than IE. However, Symantec said Mozilla is typically much more prompt at acknowledging holes when they're reported, and is capable of patching more quickly, because of its open-source nature.


IDG UK Sites

4G to get faster and cheaper with Freeview spectrum: We're in for a wait though

IDG UK Sites

Why you shouldn't buy your gadgets at launch: Wait and pick up a bargain

IDG UK Sites

Artist creates a geometric rave in a chapel for The House of St Barnabus

IDG UK Sites

Mac mini (Late 2014) 1.4 GHz review: Mac mini is sort of upgradable, but is it any good as it is?