Two hackers said on Saturday that Firefox, the open source, cross-platform graphical web browser developed by the Mozilla Corporation and generally regarded as the more dependable and customizable alternative to market leader Internet Explorer, is critically flawed.
Hackers Mischa Spiegelmock and Andrew Wbeelsoi demonstrated the flaw at the ToorCon hacker conference in San Diego.
At the conference, the duo highlighted the flaw in Firefox’s JavaScript execution, which they called "a complete mess" that is "impossible to patch."
Anyone using Firefox can fall victim to the defect, because a web page can carry malicious JavaScript code.
They said that the flaw can be used for 30 types of exploits; however, they remained tight-lipped, revealing only one at the presentation, dubbed "Lovin the LOLs, LOL is my will." They focused on a single flaw, which the presenters said affects Firefox on Windows, Linux, and Mac OS X.
After viewing the video presentation, Mozilla's security chief Window Snyder said that the issue appears to be a real vulnerability.
Details presented at the conference showing how the flaw could be exploited have reached the public and other hackers, who Snyder fears will take advantage of the flaw.
"I think it is unfortunate because it puts users at risk, but that seems to be their goal," she said.
The exploit reportedly causes an overflow simply by including a small snippet of JavaScript code on a web page. The two, however, did not fully disclose the exploit, leaving Mozilla under a shadow.
Jesse Ruderman, another member of the Mozilla security staff, urged the hackers to disclose all the flaws and collect a $500 reward per vulnerability. But Wbeelsoi said, "what we're doing is really for the greater good of the Internet, we're setting up communication networks for black hats."
He has also promised a reward for the person who reports a vulnerability to the Firefox staff.
Symantec's biannual Internet Security Threat Report indicated that the number of browser vulnerabilities is on the rise. The report of the Firefox flaw came just one week afterwards, showing that it has the highest number of vulnerabilities.
Spiegelmock and Wbeelsoi did not reveal how they identified the exploit, but their presentation has reignited the argument over the security of open source software. Rivals have long criticized open source software, claiming that bad people can misuse the source code, resulting in exploits.
However, supporters of open source software say that publishing source code ultimately results in more security. They hold that if more people look at the source code, vulnerabilities will be discovered and fixed easily.
Firefox, a multi-platform browser that includes an integrated pop-up blocker, tabbed browsing, live bookmarks, support for open standards, a skinnable interface and an extension mechanism for adding functionality, had over 25 million downloads in the 99 days after the initial 1.0 release.
Firefox became one of the most downloaded free and open source applications, especially among home users.
It has attracted attention as an alternative to other browsers such as Microsoft Internet Explorer and Apple Safari, which come as the standard browsers with versions of Microsoft Windows and Mac OS X respectively.
No stranger to criticism, Firefox has been faulted for taking longer to launch than other browsers such as Internet Explorer or Opera on Windows. Some users complain that Firefox uses more memory than other browsers. Features that the Firefox developers believed would be used by only a small number of users have not been included in Firefox and are left to be implemented as extensions.