Two hackers at the ToorCon hacker conference in San Diego said that they’ve found a critical flaw in Firefox that looks, to them at least, impossible to patch.
Windows users are used to facing security threats, but smug Apple and Linux users aren’t immune to this bug, as it affects all versions of Firefox.
Spiegelmock said that malicious code could create a stack overflow error, and called the implementation “a complete mess”.
Mozilla’s security chief Window Snyder took the presentation completely seriously after watch a video of it; she said Mozilla would “do some investigating”, but isn’t happy of the release of the exploit to the wide world of hackers.
After hearing that the two hackers know of another 30 unpatched flaws in Firefox, Jesse Ruderman, a Mozilla security staffer, encouraged them to disclose the bugs to Mozilla, who gives away $500 per vulnerability.
Wbeelsoi simply said, “It’s a double-edged sword, but what we’re doing is really for the greater good of the Internet. We’re setting up a communication networks for black hats”.
Black hats are malicious hackers, and most want to exploit flaws for private gain. However, many promote accessibility over privacy and security, so why they want to target open-source software of the type Mozilla develops is anyone’s guess.