04 Oct 2006
A security expert who claimed to have discovered a critical vulnerability in the open source Firefox browser has retracted his original claims.
Mischa Spiegelmock demonstrated what he claimed was a JavaScript vulnerability in Firefox at the ToorCon hacker conference in San Diego over the weekend.
He said that the flaw could allow for remote code execution, and boasted that he knew of at least another 30 undisclosed vulnerabilities.
Spiegelmock has now admitted to Mozilla that the security vulnerability would only crash the browser and that he had been unable to execute arbitrary code.
"The main purpose of our talk was to be humorous. I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim," he said in a statement that was posted on the Mozilla website.
"I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. I apologise to everyone involved, and I hope I have made everything as clear as possible."
Prior to Spiegelmock's confession, Mozilla security chief Window Snyder had reported that the vulnerability was incapable of allowing remote code execution.
Snyder said that, despite the limited risk to end users, the software developer still takes the issue seriously and will continue its investigation.
Someone or some thing make it crash
I have encountered 2 scams that made my Firefox 2.0.0.4 crash or report a problem to Windows. I was searching the internet for something, then suddenly it's gone, then a small window on the lower right corner appears, then next a full window appears, states I have a trojan and a virus - that may or may not exist, it does a scan without me accepting it. Expects money to fix it. Some of them are listed at: Symantec.com - System Doctor is one of them, ContraVirus Pro is another. Several years ago someone explained what happened in Internet Explorer 5.5 - 6.0 and I forgot how they did it.
Posted by: Steven 08 Jul 2007
Hmmm
Since nobody is out gunning for the politicians who accept "business as usual" revenues from K Street (the Lobbyists), maybe individuals should only be held as accountable as we hold our Politicians accountable.
Posted by: BarryZ 05 Oct 2006
follow the money
How much did M$oft pay him? Lots of people saw the news of the "bug", probably lots fewer will see the retraction. Who stands to benefit from this?
Posted by: Pete 04 Oct 2006
Firefox hacker exposed as a fraud
Sure had a lot of people fooled on beginning October and not April 1. Send the bill for labour and file a lawsuit for intent to create public unrest.
Posted by: sekerob 04 Oct 2006
More People need to go to jail
I think with the security at the state that it is these days, we should start to apply some of the same rules as the Airline industry. Make a false claim like this and disrupt people's lives and even possibly endanger people's personal information . . . . automatic arrest and questions later. Sorry to say - what a sick world we live in these days!!!
Posted by: G. Gordon 04 Oct 2006
.
yes, because all problems can be solved with a lawsuit.
Posted by: b 04 Oct 2006
do you douche?
what a bunch of douche bags!
Posted by: Douche Douche? 04 Oct 2006
Jason Fortuny seems to know these folks
Same guy as the CL experiment, knows these folks
Posted by: jackson 03 Oct 2006
heh
what a douche
Posted by: roger 03 Oct 2006
Was it really a hoax?
Was the whole thing really a hoax, or did someone mention to these two loud-mouthed nitwits that the FBI would be monitoring everything they do on the Internet from now until hell freezes over? I'm guessing they're just trying to cover their stupid butts.
Posted by: Mark F. 03 Oct 2006
Window
These guys should be prosecuted for this. Only goodness knows what havoc they've caused by their attempt at humour.
Posted by: Noynal 03 Oct 2006