Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - Firefox ... InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Firefox ...

Published: 2006-10-03
Last Updated: 2006-10-03 14:49:26 UTC
by Swa Frantzen (Version: 1)
0 comment(s)

Firefox seems to have its share of followers, just like the Mac community. I'm actually using both typing this so don't get on my case too much. Their supporters seem to react a lot when it comes to vulnerabilities being exposed at hacker venues. While fascinating from a social perspective, let's look at what we do know:

Over the weekend a conference called ToorCon was held in San Diego and one of the presentations by Mischa Spiegelmock and Andrew Wbeelsoi was (among other things?) about Firefox security.

None of us handlers at that point had seen the presentation(*) itself and the interaction with a Mozilla staffer, but we did see the Mozilla developers react to it like it was real (as they should) and we reported briefly about it ourselves. So there was something but none of us knew exactly what or how it was and the threat of having more exploits up their sleeve wasn't going to give a comfortable feeling any time soon.

Today we were pointed by numerous readers towards more news by Mozilla. While it seems to debunk the whole situation somewhat, do reread this one before calling it a hoax. There is a DoS in there and those have shown in the past this nasty habit of sometimes turning around and biting you with code execution (like the setslice thing did for MSIE).

All in all the whole thing obviously was hilarious to present and attend (see the video above), but it still leaves the rest of us with a foul taste.

(*): In a twisted way, you need javascript enabled and sit through the commercial before you can see it.

--
Swa Frantzen -- Section 66

Keywords:
0 comment(s)
Diary Archives