IT NEWS      Sustainability        - Virtualisation   
Technology news and Jobs arrow Information Technology News arrow Firefox 3 fans cry foul as first vulnerability reported
Firefox 3 fans cry foul as first vulnerability reported PDF E-mail
User Rating: / 6
PoorBest 
by Stephen Withers   
Friday, 20 June 2008
Page 1 of 2
All those millions of people that rushed to download Firefox 3 got something they didn't expect - a critical security vulnerability. Some people smell a rat!

Related stories

The vulnerability, which could allow the excevution of arbitrary code, was reported to TippingPoint's Zero Day Initiative just five hours after the open source browser was released on Tuesday. The Zero Day Initiative pays researchers for finding vulnerabilities in software, then provides the information to the vendor concerned.

The timing has led to allegations that the researcher concerned had discovered the flaw prior to the release of Firefox 3 but delayed notification to gain the maximum publicity. The fact that the flaw also affects Firefox 2 is thought to support this theory.

Since the researcher has chosen to remain anonymous, he or she will gain little kudos from being the first to discover a flaw in Firefox 3, leading to speculation that the researcher is in some way associated with another browser.

But enough of the conspiracy theories - what's to be done by the 12 million plus users that have already downloaded Firefox 3, let alone the 140 million or so that Mozilla says are using its predecessors?

Practically nothing is known about the nature of the flaw. All TippingPoint is saying is that "Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page."

So the usual warnings about being careful about visiting shady sites and avoiding links in dodgy email would seem to apply until an update is released.

What does Mozilla have to say about the flaw? Please read on.


<< First page <   1 2 Next page > Last page - Post your comment >>
 
< Next story in category   Previous story in the category >
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff
Subscribe to our free e-newsletter
First name:
Last name:
Your email address:
Your role:
Your industry:
Australian state:
Country:
Enter the security code shown:
mandatory
JobsWire Technology Jobs in Melbourne
Active Directory  Apache  Software Architect  C#  C++  Cisco  Citrix   Cognos  Coldfusion  CRM  Crystal Reports  Software Development  ERP  HTML  IBM  IT Infrastructure  ITIL  J2EE  Java  LAN/WAN  Linux  Lotus Notes  MS Project  .NET  Oracle  SDLC  SQL  IT Support  IT Training  UAT  UML  Unix  XML
  JobWire - IT Jobs
Contact , Register , Advertise with iTWire , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page
Industry Releases , Submit your release now