Tuesday, October 03, 2006

Firefox vulnerability is a HOAX and Speaker had Dinner with Microsoft !

Update II, People seems to doubt the source of the picture, It is from "Mischa Spiegelmock's" own website and it is from a collection of photos he took while attending " Seattle Mindcamp".

Take a screen capture!

Update; The hoaxer had dinner with Microsoft!, the link at the bottom.

At Toorcon this weekend, two speakers claimed they found vulnerabilities in the Javascript VM. and media was awash with many a gleeful reports. Some even claimed the vulnerability count to 30.

So Mozilla team got to work. and according to Window Snyder of Mozilla team;

"So far weÂ’ve been able to reproduce a denial of service issue based on the information they gave during their talk. In some cases this causes a crash based on an out of memory error. Based on the information we have at this time we have not been able to confirm whether an attacker can achieve code execution. "

Since there were not detectable problems, Mozilla team contacted the speakers. After all it turned out to be a hoax. They say it was a joke but I doubt it. Read more because they might be M$ fans.

Here is the full post from Mozilla Developer News;

"We got a chance to talk to Mischa Spiegelmock, the Toorcon speaker that reported the potentialJavaScriptt security issue referenced earlier. He gave us more code to work with and also made this statement and agreed to let me post it here:

The main purpose of our talk was to be humorous.

As part of our talk we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this, and I personally have not gotten it to result in code execution, nor do I know of anyone who has.

I have not succeeded in making this code do anything more than cause a crash and eat up system resources, and I certainly havenÂ’t used it to take over anyone elseÂ’s computer and execute arbitrary code.

I do not have 30 undisclosed Firefox vulnerabilities, nor did I ever make this claim. I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not.

I apologize to everyone involved, and I hope I have made everything as clear as possible.


Mischa Spiegelmock

Even though Mischa hasn‚’t been able to achieve code execution, we still take this issue seriously. We will continue to investigate.

-Window Snyder"

But after that I did some searching for "Mischa Spiegelmock" and he seemed to have had dinner wMicrosoftsoft and Amazon, Proof wphotosotos from speaker own site.

The other guy seemed to be non-existant who came for the ride along!, as far as I am concerned.

This is an insane Joke mister.

No comments: