Firefox JavaScript Vulnerability a Hoax

JavaScriptSearch
Wednesday, October 4, 2006; 09:07 AM

Hacker Mischa Spiegelmock, who announced at Toorcon conference that Firefox was a security mess in the way it treated JavaScript, has admitted that he had meant it as a joke.  His vulnerability discovery claim had quickly attracted the attention of media and security experts.

The Mozilla Developer Center News credits Spiegelmock with saying that "the main purpose of our talk was to be humorous. As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has."

Previously Spiegelmock stated that Firefox's JavaSciprt VM contained vulnerabilities, which were so serious they could not be patched.