This awkward news, especially to Mozilla, was announced by two hackers during an event known as ToorCon. Mischa Spiegelmock and Andrew Wbeelsoi held a presentation where they spoke of a serious flaw in how Firefox handles JavaScript. The flaw is rooted in JavaScript Virtual Machine and for this reason it is much harder to fix compared to regular security holes. The two hackers displayed detailed information about how to take command over a computer just by using a website with harmful JavaScript code. After that Mozilla’s Security Chief, Window Snyder, had seen the presentation at ToorCon she announced that Mozilla will start an investigation as it seemed to be a serious problem.
“Snyder said she isn’t happy with the disclosure and release of an apparent exploit during the presentation. “It looks like they had enough information in their slide for an attacker to reproduce it,” she said. “I think it is unfortunate because it puts users at risk, but that seems to be their goal.”
The hackers claimed that they have access to thirty-ish open security holes in Firefox and that this is information it will not share with Mozilla. The biggest problem is the handling of JavaScript and the question is how long it will take Mozilla to solve this.
