On Mon, Apr 04, 2005 at 10:01:25PM +0100, Anthony Edwards wrote:
A new, quite fascinating vulnerability was apparently discovered today, which allows attackers to craft custom JavaScript code in order to gain access to information contained in system RAM; all current versions of Mozilla Firefox are believed to be affected:
http://secunia.com/advisories/14820/
An intriguing test for this vulnerability (watch information contained in system memory echo to the screen!) appears here:
http://secunia.com/mozilla_products_arbitrary_memory_exposure_test/
A temporary workaround is to disable JavaScript support, however SuSE will be releasing a patched version of Firefox presumably?
Of course we will provide the now biweekly Firefox security update *sigh* Might take some days. Ciao, Marcus