internetnews.com: JavaScript Flaw Hits Mozilla Users

"Russian security researcher going by the alia alias of Azafran has discovered a flaw in Mozilla Suite and Firefox Web browsers that could potentially put users at risk from the disclosure of arbitrary heap memory.

"The JavaScript Lambda Replace Heap Memory Disclosure Vulnerability exists in how the 'replace()' function handles lambda expressions. An attacker could exploit the flaw and read the arbitrary contents of a users heap memory. It could also potentially be used for further attacks against the vulnerable computer..."

Complete Story

Related Stories:

• CNET News: Mozilla Fixes Risky Firefox Flaw(Mar 23, 2005)
• The Register: Small-Minded Mozilla Mocked by Wider World(Feb 25, 2005)
• Mozilla.org: Mozilla Foundation Announces Update to Firefox(Feb 25, 2005)