Firefox, Mozilla Bug Exposes Data

The Mozilla Foundation's open-source browsers can be exploited by hackers to gain access to data currently in memory (but not information only stored on the hard drive), said the Danish security company Secunia.

According to Mozilla, use of a JavaScript "lambda" replace can expose arbitrary amounts of heap memory after the end of a JavaScript string. "Successful exploitation may disclose sensitive information in memory," said Secunia in its online alert.

The bug has been confirmed in the most recent versions of Firefox (1.0.2) and Mozilla (1.7.6), and at the moment, no patch is available. (Developers are working on one, however; to track what they're up to, check out this page on Bugzilla.)

Secunia recommends that users temporarily disable JavaScript support for what it considers a "moderately critical" bug.

Firefox and Mozilla users can try this test that Secunia has created to confirm that their browser is vulnerable.