The Mozilla Foundation recently awarded a 12-year-old bug hunter $3,000 after the boy discovered a serious code execution flaw in the Firefox browser, caused by a buffer overflow and memory corruption. The flaw is identified as CVE-2010-3179 and is triggered through the document.write() function.
What can this bug actually do?
An attacker can use this bug against a user's PC by tricking the potential victim into visiting a special page in the browser, which crashes the browser and allows malicious code to execute on the user's computer.
Mozilla reports the issue:
Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim’s browser and potentially run arbitrary code on their computer.
Alexander Miller is a 12-year-old boy in the seventh grade who was awarded a check worth $3,000. Miller began researching bugs after Mozilla announced a campaign earlier this year to reward bug finders with cash. On hearing this, Miller stuck to his PC, trying to locate bugs in the browser and get paid for them. He spent 90 minutes a day for about 10 days and finally succeeded in discovering a bug.
Miller was excited to receive a handsome amount from the Mozilla Foundation. He plans to buy a new computer and Christmas gifts for his family, and also aims to make a donation to an animal rescue organization.