Firefox, which is by all accounts and measures a superb web-browser, recently celebrated their 25millionth download. Yes, you read that right – Firefox has been downloaded twenty-five million times, and in large part this is due not only to its excellent user interface, but its generally providing a much more secure browsing experience than, say, Internet Explorer.
Of course, it’s also been said that one reason that Microsoft products are so hellatiously leaky security-wise is because with the enormous market-share that Microsoft has, they are the biggest targets for hackers, virus-writers and other packet-sucking scum.
Perhaps there is some truth to that, and equally some truth that such products come under increased scrutiny from the security sector as well. And with Firefox’s increased market-share it only stands to reason that they too would come under such focus.
And thus it was that this week it has been reported that two new vulnerabilities have been reported in Firefox, even version 1.0.3, which is the latest version.
Researchers at security company Secunia, calling the holes “extremely critical”, have found that the newly discovered vulnerabilities can be exploited in tandem to allow hackers to gain remote access and control of compromised systems by using what is known as a “cross-site scripting attack”. The vulnerabilities involve both JavaScript, and a software installation setting which would ordinarily allow sites such as mozilla.org to perform software updates.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
Until Mozilla releases a fix, Secunia advises that Firefox users disable JavaScript, as well as the software installation option in Firefox.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
The latest version is now 1.0.4.
Firefox 1.0.4 is now the latest version. The authors are more current in fixing the security problems than I am in my newsletter reading.
Read Brian Livingstone’s update on this matter – it’s most helpful.
http://www.mozilla.org/security/announce/mfsa2005-42.html
Short version: most people have no reason to worry, but check it out, in case you have atypical settings.