Network Computing is part of the Informa Tech Division of Informa PLC

Firefox Flaw Demo Is Itself Flawed

One of two hackers who demonstrated a vulnerability in Mozilla Corp.'s Firefox at a hacker conference on Saturday has retracted claims that the bug could be exploited to hijack computers running the browser. In fact, the hacker's demo may have been little more than a joke.

Mischa Spiegelmock and Andrew Wbeelsoi showed exploit code for a Firefox JavaScript vulnerability at the ToorCon hacker conference amid claims that they had nearly three dozen vulnerabilities they weren't going to disclose. Mozilla immediately began investigating.

Monday, however, Spiegelmock forwarded a message to Mozilla that was posted on the company's developer center.

"We mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution," wrote Spiegelmock. "However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

"I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities," he added.
