
#FF00AA


3 oct. 2006

@web@

Firefox JavaScript security “a complete mess”?

According to the pair, [Firefox’s JavaScript] implementation is home to at least 30 possible exploits, all of which they plan to keep to themselves. […]

Mozilla’s head of security, Window Snyder, indicated that Mozilla believes the exploit to be real. She has also said that the presentation given at the conference contained enough information that other hackers may be able to reproduce the exploit before it can be patched.

I can’t find any evidence of this being a satirical joke mocking the whole Apple/SecureWorks affair. At least those ones aren’t calling themselves “security experts,” though; they seem content to be hackers.

[…] Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

Anyone else see a problem with the idea that a hacker who publicizes a Firefox security flaw, and refuses to provide any assistance whatsoever in fixing it, works for the biggest commercial blogging platform?
