Despite claims by one of the researchers involved that the whole thing was a joke, security experts at Mozilla Corp. are continuing to investigate whether there is indeed a remotely exploitable flaw in the Firefox browser.
"It doesn't look like it's going to be a serious problem, but we're still investigating what can be done about it," Snyder said. "We're looking to see if there's anything to fix."
Mozilla has confirmed that there is a flaw in Firefox that can allow attackers to cause a denial-of-service condition by consuming a large amount of system resources. The problem, known as an "out-of-memory" condition, is not remotely exploitable and cannot be used to run arbitrary code on target machines, as far as the Mozilla engineers can see at this point. The claims of code execution by Spiegelmock and Wbeelsoi, which they made at a security conference late last month, set off a mad scramble in the security community, as researchers and crackers pored over the pair's exploit code.
"I think it's a reflection of people doing the right thing and taking these reports seriously," said Snyder, who was instrumental in helping to establish Microsoft Corp.'s stance on responsible disclosure when she worked for the software giant. "A couple of individuals took advantage of that, and that's disappointing. But I'm happy that people are taking vulnerabilities seriously."
This article originally appeared on SearchSecurity.com.