2005 - 772 views, 4 Comments

Summary: Firefox, which is by all accounts and measures a superb web-browser, recently celebrated their 25millionth download. Yes, you read that right - Firefox has been downloaded twenty-five million times, and in large part this is due not only to its excellent user ...

Previous Article « Breaking News! Court Strikes Down FCC’s Broadcast Flag!
Read Next Article » New Windows AIM Virus Invites You to the Pub

Firefox, which is by all accounts and measures a superb web-browser, recently celebrated their 25millionth download. Yes, you read that right - Firefox has been downloaded twenty-five million times, and in large part this is due not only to its excellent user interface, but its generally providing a much more secure browsing experience than, say, Internet Explorer.

Of course, it’s also been said that one reason that Microsoft products are so hellatiously leaky security-wise is because with the enormous market-share that Microsoft has, they are the biggest targets for hackers, virus-writers and other packet-sucking scum.

Perhaps there is some truth to that, and equally some truth that such products come under increased scrutiny from the security sector as well. And with Firefox’s increased market-share it only stands to reason that they too would come under such focus.

And thus it was that this week it has been reported that two new vulnerabilities have been reported in Firefox, even version 1.0.3, which is the latest version.

Researchers at security company Secunia, calling the holes “extremely critical”, have found that the newly discovered vulnerabilities can be exploited in tandem to allow hackers to gain remote access and control of compromised systems by using what is known as a “cross-site scripting attack”. The vulnerabilities involve both JavaScript, and a software installation setting which would ordinarily allow sites such as mozilla.org to perform software updates.

Until Mozilla releases a fix, Secunia advises that Firefox users disable JavaScript, as well as the software installation option in Firefox.

Email the link for this page to a friend!

» Firefox Flaw Found and Fixed (Get the Patch)

» FireFox Security Holes Lead to Warning

» No Wait, These Åre the Last Two Windows Holes of the Year

For additional similar stories check out our archives on Security

4 Comments »

http://www.mozilla.org/security/announce/mfsa2005-42.html

Short version: most people have no reason to worry, but check it out, in case you have atypical settings.

Comment by Ville — 5/10/2005 @ 12:44 am
Read Brian Livingstone’s update on this matter - it’s most helpful. http://windowssecrets.com/comp/050512/

Comment by Nigel Perels — 5/13/2005 @ 2:45 am
Firefox 1.0.4 is now the latest version. The authors are more current in fixing the security problems than I am in my newsletter reading.

Comment by Ken — 5/22/2005 @ 3:23 pm
The latest version is now 1.0.4.

Comment by Ken — 5/22/2005 @ 3:26 pm

RSS feed for comments on this post.

Warning! All comments which contain URLs and are clearly just spam to generate a link back to the URL will be deleted on sight. Don't bother wasting your time!
If you are going to include a URL in your comment,
please keep it under 25 characters in length,
or use TinyURL to shorten it before including it in your comment.
Line and paragraph breaks are automatic, your email address is never displayed.
HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>