One of the two hackers who made the claim at the ToorCon hackers conference that they’d found a critical flaw in Mozilla’s browser Firefox has retracted somewhat.
On its Developer Center webpage, Mozilla has posted an update with a full statement from Mischa Spiegelmock in which he says that the talk was meant to be “humorous”.
He also admits that the code the two of them presented doesn’t result in a stack overflow with remote code execution.
“…I personally have not gotten it to result in code execution, nor do I know of anyone who has”, Spiegelmock writes.
“I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code.”
Spiegelmock’s co-speaker, Andrew Wbeelsoi, also claimed to know of 30 undisclosed flaws in Firefox, but Spiegelmock failed to back-up his buddy: “I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.”
Spiegelmock closed his statement with an apology.
A Mozilla spokesperson was unable to make a comment about the situation, apart to say that they are still investigating the claims made by the two hackers.