Mozilla Firefox JavaScript Engine Information Disclosure Vulnerability

If you happen to use Proxomitron, here is a filter that *may* block this vulnerability (I still don't have a clear idea on how this flaw works):

Code:

[Patterns]
Name = "Mozilla: Memory Access Remover [Kye-U]"
Active = TRUE
URL = "($TYPE(htm)|$TYPE(js))"
Limit = 30
Match = ".replace\(\w,function\($[#1-9]\)"
Replace = ".Shonenscape"

 

\\\\\\\\\\







Well, that was fun! It felt like half my computer's brain was just left at Secunia! So, Promoxitron is the only workaround right now?

 

So I disabled javascript and now I can only answer in this little quote box, or is that something else?

 

You might be able to do the same sort of thing with the greasemonkey extension

If you haven't seen it before this extension allows you to make arbitrary changes to webpages dynamically

• useful to fix pages that are slightly broken under Moz/FF
• useful to add in features rather than waiting for the site owners...
• possibly useful in this case to dynamically ferret out unwanted js behaviour

Greasemonkey can be found at http://greasemonkey.mozdev.org/

 

There's a fix out now:

https://bugzilla.mozilla.org/show_bug.cgi?id=288688