Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Firefox Flaw Demo Is Itself Flawed
One of the hackers who gave the demo says the main goal was to be humorous and has both apologized and retracted a bug claim.
October 3, 2006
2 Min Read
One of two hackers who demonstrated a vulnerability in Mozilla Corp.'s Firefox at a hacker conference on Saturday has retracted claims that the bug could be exploited to hijack computers running the browser. In fact, the hacker's demo may have been little more than a joke.
Monday, however, Spiegelmock forwarded a message to Mozilla that was posted on the company's developer center.
"We mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution," wrote Spiegelmock. "However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.
"I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities," he added.
"The main purpose of our talk was to be humorous. I apologize to everyone involved," Spiegelmock said.
Earlier Monday, Window Snyder, the new security chief of Mozilla, said her team had been unable to produce more than a browser crash with the exploit code. "Even though Mischa hasn't been able to achieve code execution, we still take this issue seriously," Snyder said in an accompanying message on the developer center site. "We will continue to investigate."
Firefox 2.0 is nearly completion -- RC1 was launched last week -- and will compete with Microsoft's Internet Explorer 7 when it reaches final form.
You May Also Like
10 Considerations to Building Hybrid Mesh Firewall
Hybrid Mesh Firewall: An Essential Solution for Today's Distributed Enterprise
*State of ITSM in Retail
A revolution in healthcare IT service management: How automation is driving improvements in a complex environment
Checklist: Top 6 Considerations to Optimize Your Digital Acceleration Security Spend