THE MOZILLA FOUNDATION has hit out at claims that Firefox 3.6 has a zero day flaw.
The claim came from Intevydis developer Evgeny Legerov, who said on his forum that his exploit for Windows XP (SP3) and Vista is quite reliable. He said it was an interesting challenge to find the buffer overflow flaw and work out a way to exploit it.
The Mozzarella outfit has been curiously silent about the flaw and, according to our source there, it is not hard to see why.
Our source said that Legerov has hardly been forthcoming with information about the flaw. In fact, he hasn't proven his zero-day exploit to anyone who can verify it.
Apparently Mozilla asked him to come up with some details and he wouldn't. Nor has he provided anything in the way of proof to Secunia.
The feeling is that it is all smoke and mirrors until some actual, factual information is given to someone, one Firebadger developer told us.
So why wouldn't Legerov be forthcoming? The thoughts within Mozilla are that he could be a Russian black hat hacker who wants to flog a hack to the highest bidder before disclosing it to Mozilla. The press picking up on his posts on a security blog would give any hacker like him some free publicity. Of course we don't believe that for a minute. Legerov's outfit Intevydis has a web page and everything.
We do know that Firebadger crashes suddenly hit a high on February 12th and 13th. It was suggested that these might have been caused by the exploit being tested. However, to do that, someone connected to Legerov must have been using it a lot to make a dent in the statistics.
Mozilla's development team told us that the press should be asking why Legerov has not given them information. We have an email in but he has not been forthcoming so far. µ