14 DAY TRIAL // The Secunia security company has announced the discovery of a vulnerability in the Mozilla suite and in Mozilla Firefox. If a hacker exploits this vulnerability, he is able to obtain private information stored in the computer or typed in the browser. This time we are not dealing with a phishing attack, which are so common these days, but with the hacking of memory systems, the result being the unauthorized access to stored information.
This problem was tracked in the JavaScript engine of the software solutions, Firefox 1.0.1 and 1.0.2, which are the latest versions of the browser, but also in the Mozilla 1.7.6 and previous versions. The vulnerability was discovered in the JavaScript support and allows the unauthorized access to zones of memory located after the zones specified within the transformed JavaScript.
This security breach should not be a surprise to users who counted on the browser's invincibility to end the Internet Explorer supremacy. Every browser has bugs and this thing cannot be avoided. However, the difference between the companies is the way in which are managed the patch releases. It took Microsoft months to release some patches for severe vulnerabilities that have been publicly announced.
Mozilla Foundation has for now a steady pace of patches and new versions releasing for their products. One of the main advantage FireFox is having over other browsers is the security.
Secunia launched a test on their website which allows users to verify if the Javascript vulnerability is active or not on their systems. The test is available at the address http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/