"An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.
"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it."
As reported for SecurityFocus in "Mozilla flaws more joke than jeopardy", Spiegelmock has apologized, indicating that the presentation was intended mainly as a joke:
"The main purpose of our talk was to be humorous," the 19-year-old researcher said in the statement. "As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has."
Although it is reported that there were those at the presentation who recognized it as an attempt at humor, it is refreshing to read the comment by recently hired Window Snyder at the Mozilla Developer Center:
"Even though Mischa hasn’t been able to achieve code execution, we still take this issue seriously. We will continue to investigate."