Firefox Javascript full of exploitable holes-and hackers aren't sharing

[antgross@pacbell.net]

http://arstechnica.com/news.ars/post/20061002-7885.html

[doctorgonzo]

It is rather lame for the people who claim to know the details of these exploits to not share them with the Mozilla development team. If you find a security hole, I think you have the ethical duty to take steps that will get it fixed.

[pam123]

I'm giving these guys the benefit of the doubt but it's beginning to look like they haven't been entirely truthful.

[pam123]

OK, here's the story linked to from Digg :

Claimed security hole in Firefox "just a joke"

The allegedly critical hole reported yesterday in Firefox's JavaScript implementation has turned out, not surprisingly, to be a hoax. Mischa Spiegelmock, who made the claim at the Toorcon hacker conference, told Mozilla's security chief Window Snyder, "The main purpose of our talk was to be humorous."

While it is possible to create a stack overflow, the only result he has been able to produce is a browser crash. Neither he, nor anyone else, has managed to execute code via this hole. Spiegelmock claims to know nothing about the other 30 holes reported in the media. The Mozilla team nevertheless plans to look into the matter in order to detect and remedy any flaws.

http://www.heise-security.co.uk/news/78970

[doctorgonzo]

Ha ha, what a funny joke.