Firefox 3 fans cry foul as first vulnerability reported

By Stephen Withers
Friday, 20 June 2008 02:35

Open Source

Page 1 of 2
All those millions of people that rushed to download Firefox 3 got something they didn't expect - a critical security vulnerability. Some people smell a rat!
The vulnerability, which could allow the excevution of arbitrary code, was reported to TippingPoint's Zero Day Initiative just five hours after the open source browser was released on Tuesday. The Zero Day Initiative pays researchers for finding vulnerabilities in software, then provides the information to the vendor concerned.

The timing has led to allegations that the researcher concerned had discovered the flaw prior to the release of Firefox 3 but delayed notification to gain the maximum publicity. The fact that the flaw also affects Firefox 2 is thought to support this theory.

Since the researcher has chosen to remain anonymous, he or she will gain little kudos from being the first to discover a flaw in Firefox 3, leading to speculation that the researcher is in some way associated with another browser.

But enough of the conspiracy theories - what's to be done by the 12 million plus users that have already downloaded Firefox 3, let alone the 140 million or so that Mozilla says are using its predecessors?

Practically nothing is known about the nature of the flaw. All TippingPoint is saying is that "Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page."

So the usual warnings about being careful about visiting shady sites and avoiding links in dodgy email would seem to apply until an update is released.

What does Mozilla have to say about the flaw? Please read on.


«StartPrev12NextEnd»

SPONSORED PRESS RELEASES

Websense Security Labs Reports ‘User Trust’ Targeted Attacks; Over 1 in 10 ‘Top Search’ Results Categorised as Malware; Increased Focus on Web 2.0
Websense, Inc. today revealed the findings from its bi-annual research report: Websense Security Labs, State of Internet Security, Q3-Q4 2009.
ComOps Scoops Leading Position in SmartCompany Dun and Bradstreet IT Company Growth List
F5 APAC CIO Survey Underscores Need for Proactive Approach to Application Delivery and Cloud Computing
F5 Delivers Next-Generation Application Delivery Services Giving Enterprises More Control with Context-Aware Networking
WatchGuard Enhances Security Software
engin Launches Hosted Phone System for Australian Small Business

Featured IT jobs

Melbourne
Senior Software consultant
Senior Software consultant responsible for providing support on a unique enterprise level software solution for various customers, Melbourne based!
Skills Tags:   IT  ITIL  Linux  Management  RFP  Unix
Sydney
Database Developer - SQL Server 2005
This financial client has an excellent opportunity for an experienced Database Developer. SQL 2005 Some Schema design + SSIS & SSRS - 80k+super
Skills Tags:   Design  Development  SQL  SQL Server
Melbourne
Hyperion Planning Consultant
Massive Hyperion Project requires a Hyperion Planning Architect / Lead Developer - drive home a huge Hyperion solution.
Skills Tags:   Architect  Design  Development  Hyperion
Sydney
OBIEE BI/DW Consultant
OBIEE Consultant to work on a very large greenfield OBIEE implementation to date to work end-to-end with excellent modelling & BI Server skills
Skills Tags:   Business Intelligence  Cognos  Hyperion  Informatica  Oracle  SQL

Editors Picks

Stories you may have missed

How YouTube is killing mobile networks, and what to do about it

Microsoft Surface slips into Australia

Wikileaks is back from the brink
 

What iTWire offers for free

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases