FireFox unsafe?

According to two hackers, Mischa Spiegelmock and Andrew Wbeelsoi, the Firefox Web browser is critically flawed in the way it handles JavaScript. 

An attacker could take control of a computer running the browser simply by creating a Web page that contains malicious JavaScript code.  The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.

"Internet Explorer, everybody knows, is not very secure. But Firefox is also fairly insecure," said Spiegelmock, who in everyday life works at blog company SixApart. He detailed the flaw, showing a slide that displayed key parts of the attack code needed to exploit it.

The flaw is specific to Firefox's implementation of JavaScript. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."

According to Window Snyder, Mozilla's security chief, the JavaScript issue appears to be a real. She also confirmed that addressing it might be tougher than the average patch.