04 Oct 2006
A security expert who claimed to have discovered a critical vulnerability in the open source Firefox browser has retracted his original claims.
Mischa Spiegelmock demonstrated what he claimed was a JavaScript vulnerability in Firefox at the ToorCon hacker conference in San Diego over the weekend.
He said that the flaw could allow for remote code execution, and boasted that he knew of at least another 30 undisclosed vulnerabilities.
Spiegelmock has now admitted to Mozilla that the security vulnerability would only crash the browser and that he had been unable to execute arbitrary code.
"The main purpose of our talk was to be humorous. I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim," he said in a statement that was posted on the Mozilla website.
"I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. I apologise to everyone involved, and I hope I have made everything as clear as possible."
Prior to Spiegelmock's confession, Mozilla security chief Window Snyder had reported that the vulnerability was incapable of allowing remote code execution.
Snyder said that, despite the limited risk to end users, the software developer still takes the issue seriously and will continue its investigation.
Do you agree?
Someone or something makes it crash
I have encountered 2 scams that made my Firefox 2.0.0.4 crash or report a problem to Windows. I was searching the internet for something then suddenly it's gone, then a small window on the lower right corner appears, then next a full window appears, states I have a trojan and a virus - that may or may not exist, it does a scan without me accepting it. Expects money to fix it. Some of them are listed at: Symantec.com - System Doctor is one of them, ContraVirus Pro is another. Several years ago someone explained what happened in Internet Explorer 5.5 - 6.0 and I forgot how they did it.
Posted by: Steven 08 Jul 2007
Hmmm
Since nobody is out gunning for the politicians who accept "business as usual" revenues from K Street (the Lobbyists), maybe individuals should only be held as accountable as we hold our Politicians accountable.
Posted by: BarryZ 05 Oct 2006
follow the money
How much did M$oft pay him? Lots of people saw the news of the "bug", probably lots fewer will see the retraction. Who stands to benefit from this?
Posted by: Pete 04 Oct 2006
Firefox hacker exposed as a fraud
Sure had a lot of people fooled at the beginning of October and not April 1. Send the bill for labour and file a lawsuit for intent to create public unrest.
Posted by: sekerob 04 Oct 2006
More People need to go to jail
I think with the security at the state that it is these days, we should start to apply some of the same rules as the Airline industry. Make a false claim like this and disrupt people's lives and even possibly endanger people's personal information . . . . automatic arrest and questions later. Sorry to say - what a sick world we live in these days!!!
Posted by: G. Gordon 04 Oct 2006
.
yes, because all problems can be solved with a lawsuit.
Posted by: b 04 Oct 2006
do you douche?
what a bunch of douche bags!
Posted by: Douche Douche? 04 Oct 2006
Jason Fortuny seems to know these folks
Same guy as the CL experiment, knows these folks
Posted by: jackson 03 Oct 2006
heh
what a douche
Posted by: roger 03 Oct 2006
Was it really a hoax?
Was the whole thing really a hoax, or did someone mention to these two loud-mouthed nitwits that the FBI would be monitoring everything they do on the Internet from now until hell freezes over? I'm guessing they're just trying to cover their stupid butts.
Posted by: Mark F. 03 Oct 2006
Window
These guys should be prosecuted for this. Only goodness knows what havoc they've caused by their attempt at humour.
Posted by: Noynal 03 Oct 2006