
Have Firefox 2.0 and Internet Explorer switched places when I wasn't looking? That is not the case, but a comparison of the two browsers reveal that there is a balance in terms of the vulnerabilities
addressed in February 2007, as Firefox has increased its market share in the detriment of IE.
Back on February 13, Microsoft released a Cumulative Security Update for Internet Explorer. The patches resolved two aspects of the COM Object Instantiation Memory Corruption vulnerability and the FTP Server Response Parsing Memory Corruption flaw.
Microsoft revealed that Internet Explorer 5.01, Internet Explorer 6 and Internet Explorer 7 were all affected by the vulnerabilities, with the exception of IE7 on Windows Vista. IE7 for Windows XP was impacted only by the COM Object Instantiation Memory Corruption vulnerabilities and the highest severity ranking was Important. For the remaining versions of Internet Explorer, the severity rating went all the way up to Critical.
Ten days later, Mozilla followed with Firefox 2.0.0.2 and Firefox 1.5.0.10 Security and Stability Update for Windows, Mac and Linux. "It's critical that Firefox users keep themselves updated to protect against software vulnerabilities. Firefox users cannot fool themselves into thinking that security is just a problem for Microsoft products," said Graham Cluley, senior technology consultant for Sophos. "It makes sense for all computer users to remain alert about the latest security flaws, and ensure they are running the latest patched version of their chosen Internet browser."
The security patches released by Mozilla provide fixes for no less than eight vulnerabilities, two of which rated as Critical: onUnload + document.write() memory corruption and Crashes with evidence of memory corruption. Mozilla also reminded users that support for Firefox 1.5.0.x will end April 24, 2007, following which the company will no longer issue security and stability updates.
"It has been much more common for hackers to target users of Microsoft Internet Explorer than Firefox, but that doesn't mean that Firefox users should stick their heads in the sand about security," continued Cluley. "Mozilla will stop releasing security and stability updates for Firefox 1.5 in April, so there really are no excuses for not upgrading to the latest edition of version 2.0."