Mozilla Ups Firefox Bug Threat, Slates Fix for Feb. 5

Mozilla Corp. bumped up the threat ranking for an unpatched Firefox bug to "high" Tuesday, but promised a fix is coming in Version 2.0.0.12, now slated for release on Feb. 5. The company's head of security, Window Snyder, confirmed that the browser, when running any of more than 600 add-ons, can be exploited to steal "session information, including session cookies and session history."

Snyder's acknowledgment followed an update by Gerry Eisenhaur, the researcher who first reported the Firefox problem. "There seems to be some confusion about what exactly the severity of this vulnerability is," Eisenhaur said on his hiredhacker.com blog. "This is not a chrome privilege escalation, but it [is] worse than just leaking some variables. I created another demo to read the sessionstore.js file. This will display information regarding your current session, [including] windows, tabs, cookies, etc."

View: The full story @ PCWorld

Report a problem with article
Previous Story

Windows Seven: We're Hiring!

Next Story

Image uploader bug blights MySpace

6 Comments

Commenting is disabled on this article.

Quote from the article "Alternately, Firefox users can install the popular NoScript extension to block exploits, regardless of which add-ons have been installed."

Yet another reason to install NoScript.

Whether or not this is caused when flat-file addons are included by the user, this is something they need to get fixed, pronto!