The security team at Mozilla is looking into a flaw in its Firefox Web browser that hackers exposed at a conference in San Diego over the weekend.In a presentation at the ToorCon hacker conference on Saturday, hackers Mischa Spiegelmock and Andrew Wbeelsoi demonstrated exploit code for a vulnerability in the way Firefox handles Javascript.On Monday, Mozilla said it was busy investigating the flaw, and did not offer any security researchers for comment because, according to spokeswoman Mary Colvig, they were all “heads down” on the problem. The company also said it will patch the flaw if it deems that action necessary.The vulnerability could allow someone to execute a memory corruption attack on Firefox if a user browsed to a website that contained the exploit code, said Ken Dunham, director of the rapid response team at security services company iDefense, a VeriSign company. “If you were to go to a website that contained the exploit code, it would fill up the available memory on the computer,” he said. This would create an environment in which an attacker could take over the computer to do something harmful, he added.Dunham said that iDefense labs tested the exploit code, and it was “unreliable” and crashed the Firefox browser. Because of this, he does not consider the exploit to be a critical threat to Firefox. However, “someone could make some changes to the exploit code and make it more reliable,” Dunham said. He added that there are other, more critical unpatched flaws in both Firefox and Microsoft’s Internet Explorer browser that are currently under attack by hackers.By Elizabeth Montalbano, IDG News Service (New York Bureau)Keep checking in at our Security Feed for updated news coverage. Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability Vulnerabilities Security brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe