Firefox Flaw a Hoax


One of the speakers at a Toorcon security conference session last weekend has admitted that claims he and an accomplice made regarding an “unfixable” flaw in Firefox, and a video of the two purportedly exploiting this flaw, were a not-so-elaborate hoax.


“The main purpose of our talk was to be humorous,” admitted Mischa Spiegelmock, in a statement made through Mozilla.org this afternoon.

How does a sophomoronic dweeb like this get to be on the stage at a conference purported to be technically legitimate?

“As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

“I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly haven’t used it to take over anyone else’s computer and execute arbitrary code,” Spiegelmock added.

A Mozilla spokesperson told BetaNews this afternoon, “Mozilla takes painstaking measures to maintain the security of Firefox, and immediately started investigating these reports this past weekend.” The company’s security chief, Window Snyder, posted a statement saying the company will continue to investigate further, assuming there’s actually anything that needs to be investigated.

So, who repays Mozilla for the time and money they had to waste investigating the specious claims of this merry prankster?

Posted: Wed - October 4, 2006 at 10:00 AM