Shaun Nichols in California, vnunet.com 03 Oct 2006

ADVERTISEMENTResearchers have detected a potentially serious flaw in the way that Mozilla's Firefox browser handles Javascript.

Two independant researchers outlined the vulnerability in a presentation over the weekend at the ToorCon hacker conference. The duo claimed that the vulnerability could allow attackers to take over control of a system through a specially crafted web page.

In a blog posting, Mozilla security chief Window Snyder wrote that the company was able to recreate browser crashes from the vulnerability. Snyder claimed however that he couldn't confirm the remote code execution.

The vulnerability affects the 'chrome context' component of Firefox, explained Eric Sites, vice president of research and development for security vendor Sunbelt Software. The feature provides certain trusted code such as Javascript with full access to Firefox's resources.


Original article here