Hacker backpedals on Firefox zero-day claim

A hacker who claimed to have found a serious zero-day bug in Firefox now says he was never able to exploit the supposed vulnerability to hijack computers.

On Saturday, Mischa Spiegelmock and Andrew Wbeelsoi told attendees at the ToorCon event in San Diego that Firefox is critically flawed in the way it handles JavaScript. An attacker could commandeer a computer running the open-source Web browser simply by crafting a Web page that contains some malicious JavaScript code, they said. They displayed some of that code.

But Spiegelmock has now backpedaled on those claims. In a statement
provided to Mozilla, which coordinates development of Firefox,
Spiegelmock said that the computer code displayed during the
presentation does not fully compromise a PC running the browser.