Security Flaw Discovered in Firefox
Security firm Secunia has discovered a "moderately critical" security flaw in the most recent versions of Firefox and the Mozilla Suite. According to the advisory, a problem in the handling of JavaScript could potentially allow a remote user access to sensitive information.
"The vulnerability is caused due to an error in the JavaScript engine, as a 'lambda' replace exposes arbitrary amounts of heap memory after the end of a JavaScript string," Secunia said in the advisory.
The company provided a demonstration of the flaw that users can run to test whether their browsers are susceptible to the problem. So far, the vulnerability has been confirmed in versions 1.0.1 and 1.0.2 of Firefox, and 1.7.6 of the Mozilla Suite.
Mozilla Foundation officials declined to comment on whether or not the flaw will be fixed in version 1.0.3 of Firefox, which is due shortly, although sources confirmed that a fix for the issue will be included in the update.
The bug was first reported on April 1 and was fixed within hours by Mozilla developers, who integrated a patch into the latest Firefox and Mozilla code.
Firefox has been touted as more secure than Microsoft's Internet Explorer, a claim that has challenged several security firms to attempt to find security holes in the browser. Mozilla even offers users a monetary award of $500 for each valid bug discovered through its Bug Bounty program.
Nathan Mook contributed to this report.