Mozilla Corp. bumped up the threat ranking for an unpatched Firefox bug to "high" Tuesday, but promised a fix is coming in Version 2.0.0.12, now slated for release on Feb. 5. The company's head of security, Window Snyder, confirmed that the browser, when running any of more than 600 add-ons, can be exploited to steal "session information, including session cookies and session history."
Snyder's acknowledgment followed an update by Gerry Eisenhaur, the researcher who first reported the Firefox problem. "There seems to be some confusion about what exactly the severity of this vulnerability is," Eisenhaur said on his hiredhacker.com blog. "This is not a chrome privilege escalation, but it [is] worse than just leaking some variables. I created another demo to read the sessionstore.js file. This will display information regarding your current session, [including] windows, tabs, cookies, etc."
View: The full story @ PCWorld
Snyder's acknowledgment followed an update by Gerry Eisenhaur, the researcher who first reported the Firefox problem. "There seems to be some confusion about what exactly the severity of this vulnerability is," Eisenhaur said on his hiredhacker.com blog. "This is not a chrome privilege escalation, but it [is] worse than just leaking some variables. I created another demo to read the sessionstore.js file. This will display information regarding your current session, [including] windows, tabs, cookies, etc."
View: The full story @ PCWorld
As far as your conclusion goes, you make it sound like Firefox never found and fixed bugs before. Look at their bugzilla history, they are always working on fixing issues, and have been since they started.
Yet another reason to install NoScript.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.