Firefox Vulnerability Hoax [Was: Re: video showing a PC being infected]

["Fergie" <fergdawg () netzero net>]

Brian Krebs had a great article about this today in his "Security
Fix" blog:

http://blog.washingtonpost.com/securityfix/2006/10/zeroday_firefox_exploit_claime.html

- ferg


-- "Dude VanWinkle" <dudevanwinkle () gmail com> wrote:

you too can learn from my mistakes:

http://news.com.com/Hacker+backpedals+on+Firefox+zero-day/2100-7349_3-6122317.html?tag=nl

A hacker who claimed to have found a serious zero-day bug in Firefox
now says he was never able to exploit the supposed vulnerability to
hijack computers.

On Saturday, Mischa Spiegelmock and Andrew Wbeelsoi told attendees at
the ToorCon event in San Diego that Firefox is critically flawed in
the way it handles JavaScript. An attacker could commandeer a computer
running the open-source Web browser simply by crafting a Web page that
contains some malicious JavaScript code, they said. They displayed
some of that code.
Hackers' presentation

But Spiegelmock has now backpedaled on those claims. In a statement
provided to Mozilla, which coordinates development of Firefox,
Spiegelmock said that the computer code displayed during the
presentation does not fully compromise a PC running the browser.

[snip]




_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.