Sign in with
Sign up | Sign in

The Firefox exploit that wasn't - Hackers backpedal

By - Source: Tom's Hardware | B 0 comment
Tags :



San Diego (CA) - The much reported Firefox vulnerabilities and exploits from the Toorcon computer security conference appear to be greatly exaggerated. A pair of hackers claimed to have found 30 undisclosed vulnerabilities on the popular browser and even boasted that they could execute malicious code. Now, one of the hackers, Mischa Spiegelmock, has apologized for the talk, saying that its main purpose was "to be humorous".

Spiegelmock and another hacker going by the pseudoname "Andrew Wbeelsoi" spoke to a packed audience on Saturday and talked about a Javascript vulnerability that could overload the stack and then allow remote code execution. Immediately Mozilla officials and other hackers worked to replicate the vulnerability and patch the code.

But it turns out that there was no such vulnerability. Spiegelmock emailed Mozilla a statement which has now been posted on their Mozilla website. He says that the talk was meant to be entertaining and "humorous" and that the exploit code did not give remote execution privileges to a hacker. He adds, "I do not have 30 undisclosed Firefox vulnerabilties".

The Firefox browser has become a very successful alternative browser for people who are tired of Microsoft Internet Explorer. In some markets, the award winning browser has a higher share than IE.

Despite the exaggerations, Mozilla is leaving nothing to chance and Window Snyder, Mozilla’s chief of security says, "We still take this issue seriously. We will continue to investigate."

Discuss
There are 0 comments.
This thread is closed for comments