Tuesday, 26 October 2010

12-year-old finds serious Firefox flaw

The security researcher who found and reported this critical buffer overflow and memory corruption vulnerability in Mozilla’s Firefox browser is none other than Alex Miller, a 12-year-old boy who earned a $3,000 bounty for his discovery, according to a ZDNet blog. By Alex’s estimation he spent about 90 minutes each day for about 10 days until he spotted it–a flaw in the memory of the running program. The vulnerability, which can be exploited to crash a victim’s browser and potentially run arbitrary code on their computer, was patched this week in Firefox 3.6.11 and Firefox 3.5.14. It also affects Mozilla’s Thunderbird 3.1.5, Thunderbird 3.0.9 and SeaMonkey 2.0.9.

No comments: