Hacker identified 30 unpatched Firefox flaws

October 3, 2006

According to media reports, hackers at the ToorCon Hacker Conference in San Diego, California, have claimed to have found 30 unpatched Firefox flaws. A computer running the browser could be attacked simply by getting it to load a crafted web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation.

Alan Bentley, Managing Director of PatchLink EMEA, comments:

“In an attempt to persuade the hacking community and others to responsibly report critical security bugs, the Mozilla Security Bug Bounty Program is putting up a $500 cash reward. The “carrot” dangled by the Mozilla Bug Bounty Program – the cash reward and a T-shirt – has not been enough for these hackers to reveal the details of the 29 other vulnerabilities. However, despite the lacklustre response, this is a great move by Mozilla and other security companies to try and persuade the hacking community to take a more conscientious step towards accountability to the end user community.”

“The revelation of one of the unpatched Firefox flaws has already put Firefox users at risk. However, with another 29 potential unpatched flaws hanging over Firefox users’ heads – there is a real urgency for users to ensure that their other security defences are intact, such as making sure their firewall, antivirus, and intrusion prevention software are updated to thwart such potential attacks.”

“Equally, users must stay vigilant and keep an eye out for a patch as soon as one becomes available. As the number of vulnerabilities continues to rise, with over 6,700 expected in 2006, it is critical for organizations to adopt proactive security practices to ensure complete network security. This means establishing processes that will allow the IT staff to quickly deploy the patch across their IT infrastructure to mitigate risks when a fix is made available.”
