Alleged 'Unfixable' Exploit in Firefox
An overflow of stories concerning an alleged Firefox 1.5 exploit hit the Web over the weekend, emerging from an underground users' conference in San Diego. But after the dust has begun settling, evidence of the exploit's severity and even existence has yet to materialize from official sources, including the Mozilla organization responsible for Firefox's development.
A few weeks ago, a series of exploitable bugs involving Firefox's JavaScript interpreter were reported by Secunia in an official advisory, which continues to rate these flaws this morning as "highly critical."
"An error in the handling of JavaScript regular expressions containing a minimal quantifier," reads the Secunia advisory, "can be exploited to cause a heap-based buffer overflow." No more recent Firefox flaws have been added to Secunia's list since then.
The alleged flaw introduced last weekend at the ToorCon convention in San Diego was reported to also involve a buffer overflow triggered through the JavaScript interpreter, although reports have made it appear this is the first such flaw in Firefox's history - which is far from reality. The venue in which the alleged flaw was presented -- a session entitled "LOVIN THE LOLS - LOL IS MY WILL" -- promised attendees a mix of BIOS patches, AIM exploits and sexual innuendo.
There, amid the presumed innuendo, new Mozilla security chief Window Snyder -- a former @stake researcher recently hired away from Microsoft -- reportedly took seriously a video of the exploit shown at the conference, although reports do not go so far as to say whether Mozilla officials consider the exploit to be particularly novel.
In any event, characterizations of the apparently uniquely prepared exploit as "unpatchable" have spread faster than the average zero-day, without the aid of a professional security advisory to push it along.
BetaNews has contacted Mozilla.org officials for comment on the alleged flaw, which may yet be forthcoming.