We must backtrack on our comments about Firefox’s JavaScript flaws from Monday. While the possibility of this happening and the various descriptions made by my Front-End Developer, Gareth, still hold true, apparently it was made up. Below you can view the explanation we’ve heard regarding this “alleged critical hole.”

(Text included below.)

http://www.heise-security.co.uk/news/78970

“The allegedly critical hole reported yesterday in Firefox’s JavaScript implementation has turned out, not surprisingly, to be a hoax. Mischa Spiegelmock, who made the claim at the Toorcon hacker conference, told Mozilla’s security chief Window Snyder, “The main purpose of our talk was to be humorous.”

While it is possible to create a stack overflow, the only result he has been able to produce is a browser crash. Neither he, nor anyone else, has managed to execute code via this hole. Spiegelmock claims to know nothing about the other 30 holes reported in the media. The Mozilla team nevertheless plans to look into the matter in order to detect and remedy any flaws.”