Firefox contains critical security flaw

At the ToorCon hacker convention on Saturday, programmers Mischa Spiegelmock and Andrew Wbeelsoi revealed a Firefox exploit that would allow would-be hackers access to users' computers through the popular open-source browser. "Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, at the convention. The hack, which was demonstrated at ToorCon, uses nothing more than a web page running a few lines of malicious JavaScript code to gain control of an end user's computer. According to Spiegelmock and Wbeelsoi, all versions of Firefox for Windows, OS X and Linux are vulnerable. "What they are describing might be a variation on an old attack," said Window Snyder, chief of security for Mozilla. "We're going to do some investigating." As this is an exploit that has wide ramifications for enterprises everywhere, we'll be following the story closely as it develops.

For more on the Firefox exploit:
- hack into this CNET article

See also:
- eWeek's walkthrough of Firefox 2.0 RC1