FireFox Security Holes Lead to Warning - 1,780 Views, 4 Comments

Summary: FireFox security vulnerabilities have been announced this week by parent company Mozilla. Some of them are quite severe, and so should be attended to immediately.

Previous Article « About the Internet Patrol
Read Next Article » Microsoft Kills Support for Microsoft Windows ME, Windows 98, and Windows 98SE

Follow Anne on Twitter Friend Anne on Facebook

FireFox, the fair-haired child* of the web browser family, has a slew of security flaws, some quite serious, revealed parent company Mozilla this week. According to a report in the Register, Mozilla has admitted that the FireFox browsers “fail to properly enforce security restrictions in JavaScript and are subject to memory corruption via maliciously constructed HTML tags.”

This in turn has lead the U.S. Computer Readiness Team (US-CERT) to issue one of the most strident warnings ever to FireFox users, explaining that “The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system,” adding that “The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other effects include a denial of service or local information disclosure.”

*Now, I don’t to get off on a rant here, and I know that FireFox has all kinds of nifty whiz-bang bells and whistles, but I have to tell you that FireFox is the bane of our existence here at the Internet Patrol in terms of trying to provide our readers with a decent experience. No matter what one does to try to make sure that one’s website plays nice with all the browsers out there, it is, without exception, those using FireFox who experience all kinds of problems - problems completely irreproducible with any other browser, including both IE for Windows and Mac, and Safari. So while FireFox may be the fair-haired child among developers, it’s the problem child among website publishers. But apparently that’s heresy, as you will be hard pressed to find many people saying anything bad about FireFox.

In any event, to secure your FireFox against these vulnerabilities, you are advised to upgrade asap to version 1.5.0.2 You can do so at Mozilla.com

FireFox Security Holes Lead to Warning

Follow Anne on Twitter

Twitter Explained in Plain English

Friend Anne on Facebook

Previous Article « About the Internet Patrol
Read Next Article » Microsoft Kills Support for Microsoft Windows ME, Windows 98, and Windows 98SE

» Unix Security Holes! 44 of ‘em!

» New Security Update for Firefox Fixes High Risk Issues

» Repair Internet Explorer - Is It Possible and Is It Worth It?

For additional similar stories check out our archives on Security

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.

4 Comments »

As a part-time website developer I can tell you that if one sticks to writing *valid* HTML and CSS your site(s) will work with ANY of the latest browsers. Stick to the standards set forth by the The World Wide Web Consortium (W3C) and you’re golden.

Comment by Timothy Wulf — 4/18/2006 @ 8:28 am
FYI, it’s just “Firefox,” not “FireFox.” One word, one capital letter.

And I’ll second Timothy’s suggestion: Start with valid code, and you’ll find cross-browser design much easier.

Comment by Kelson — 4/18/2006 @ 8:39 am
I just can’t understand what all the fuss is about Firefox and code compliance. I’ve been using Firefox for since version 1, and I recommend it to all my clients. The only sites that have a problem are those that still insist on using ActiveX or some other Microsoft centric trash. Sorry, but no web browser or OS is 100% safe; Firefox is just a little less unsecure, and a whole lot easire and fun to use.

Comment by Hal — 4/18/2006 @ 9:39 am
I’ve never had trouble with your site in either Firefox or Opera, but since your latest redesign it’s impossible to read in Opera and looks weird in Firefox.
- So maybe it’s not entirely the browsers fault?

Comment by Moonlight Gambler — 4/19/2006 @ 7:06 am

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This article first appeared on 4/18/2006

About

About TIP

About Anne

Follow Anne On:

Twitter
Linked In
Facebook

*Twitter Explained in Plain English

Search
Categories

Recent Comments to Our Articles

Dozer: I read where the Flexispy works for "smart phones" I have a Razr and the target phone is also a Razr. Would this software work read

"gunner": to: Chatoorgoon Jagdeo, congratulations, you have saved yourself time and money, and avoided seeing your hard earned money going into the pockets of thieves. well done read

"gunner": how many times do you have to be told, "the cake is a lie, there is no spoon" and the lottery is a scam read

"gunner": good reasons why i've avoided both "facebook" and "twitter" and will continue to do so read

Del Irwin: The service was ok for 5 years, though with hidden charges and lots of calls to get them removed. Very slimey company.. when I went read

william: my home boys comment isnt on here wtf read

william: I don't think his is a real becuse if it was why could they not just give them the rice?i thing that tis is just read

Harishchandra Salvi: Please help me to get my mobile Nokia 1209 Silver Grey IMEI: 356072033323873 i love my mobile very much and request you to help me pls. read

Pierre: Sad, sad, sad. You'd think that the designers of the Kindle would have known something about the real world, and that the product would read

Allen MacCannell: Hi Anne, Twitter is, sadly, not adding anything close to what Tweetdeck and Twhirl offer. Those two apps (+ the fantastic PowerTwitter Firefox plugin) setup a read

Todd: The link doesn't go to a form anywhere, and I can't find the form. Perhaps they don't allow this for anyone anymore. read

Jon: There are a couple of organisations clammering to purchase shares in City Networks Inc. One of them being "Penn Capital Management Ltd" in Osaka, Japan read

Fjord Prefect: The reason why Google is upset is this: Microsoft already owns 80% of the desktops in the world, they also provide IE which comes with read

Michael Anderson: The lawyer's comment is idiotic. A customer who has received poor service outside of the bounds of the terms of his agreement with the carrier read

Michael Anderson: This is not exactly correct. In most states, minors are able to form "voidable" contracts--that is, the minor can bind the competent party, but the read

Get a FREE summary of the week's articles by email every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!

Search

Get a FREE summary of the week's articles by email every Friday!
We NEVER share your email address, and you can stop them any time!

Be sure to watch for the confirmation email!