ZT--Firefox出现新高危0Day漏洞

小楼东风

Firefox出现新高危0Day漏洞
作者：且听枫吟 编辑：且听枫吟　2006-10-2 5:18:00

周六下午，两名黑客在ToorCon黑客大会上宣布，发现著名开源浏览器Firefox在处理JavaScript过程中存在一个高危漏洞，黑客能够通过包含恶意Javascrpt代码的页面来利用该漏洞获得计算机完整访问权。

据称，Windows、Apple Mac OS X以及Linux平台下的Firefox都受到该漏洞影响。

“众所周知，IE浏览器并不安全，但是，Firefox也非万全之策。”黑客Spiegelmock详细讲解了Firefox该漏洞细节，并展示了展开恶意攻击所需代码的核心部分。
http://news.mydrivers.com/pages/20061002051818_53092.htm

acguy

请给出国外原文出处，不要乱转国内的谣言！

种草得草

Post by acguy
请给出国外原文出处，不要乱转国内的谣言！

原文正常情况下是找不到的.


我发现人类都有存在高危漏洞啊,感染上艾滋病,一般都会死亡.

deepwater

Post by acguy
请给出国外原文出处，不要乱转国内的谣言！

http://news.zdnet.com/2100-1009_22-6121608.html

軟件而已，沒必要燃上宗教般的熱情，你說呢？:ask

troll

非常同意楼上的看法。

Thruth

http://www.whitedust.net/speaks/3006/

这个够原

ganloo

Mozilla官方Window Snyder 的blog中回应：

Possible Vulnerability Reported at Toorcon
When someone says they’ve identified a vulnerability, we treat it as real until we can verify otherwise. We immediately begin investigating and trying to fix it. This is how we’re able to ship fixes so quickly. At Toorcon this weekend, two speakers claimed they found vulnerabilities in the Javascript VM. Of course we take that very seriously.

So far we’ve been able to reproduce a denial of service issue based on the information they gave during their talk. In some cases this causes a crash based on an out of memory error. Based on the information we have at this time we have not been able to confirm whether an attacker can achieve code execution. We’re still investigating and we’ll keep you updated.

种草得草

估计是微软的广告...

troll

如果用Linux能让人变成偏执，还是不用的好。

小楼东风

我们看不懂英文，mozilla大致是什么意思？