Published at LXer:
Computer code that demonstrates how a known flaw in an older version of the Firefox or Mozilla web browsers can be exploited in a potentially crippling attack was published on the web over the weekend. The vulnerability was fixed in Firefox 1.0.5, released in July, and in Mozilla Suite 1.7.9, according to Mozilla. The code was published by Aviv Raff, a developer in Israel. Writing in his blog on Sunday he said: "I think it's been enough time for people to upgrade from v1.0.4 of Firefox." Raff's code doesn't do much harm but he notes that it would be easy to turn it into malicious code that commandeers a vulnerable system.