April 7, 2005 - (HOSTSEARCH.COM) - Security information company Secunia has announced the discovery of a flaw in the Firefox browser that has the potential to release sensitive information stored in memory. Versions 1.0.1 and 1.0.2 contain the flaw which is rated as ‘moderately critical’.
The vulnerability stems from an error in the JavaScript engine, according to Secunia. This error can expose arbitrary amounts of heap memory after the end of a JavaScript string. As a result, an exploit may disclose sensitive information in the memory.
"Unlike other browser flaws, this one is not subject to phishing or access to the system. But it can expose sensitive information from other websites you visited and the information you entered there," said Thomas Kristensen, Secunia's CTO.
Mozilla is currently working on a patch, and no known cases have been reported, said a Mozilla spokesman.
Secunia has developed a test that allows users to gauge whether their systems are affected by the vulnerability.
