Firefox is hot on the tracks of Internet Explorer 7. But the face-off also features a negative aspect. Vulnerabilities. Currently the score is a blur, depending on whom you believe. Secunia has reported two vulnerabilities in Internet Explorer 7 so far. Microsoft managed to gear the IE7 "mhtml:" Redirection Information Disclosure onto Outlook, but it confirmed a weakness allowing for popup address bar spoofing. Secunia commented that - as long as IE7 is the attack vector - the fact that the vulnerability resides in Outlook makes little difference.

Now it's Mozilla's turn to fend off vulnerabilities reports. Coincidentally or not, reports of two bugs impacting Firefox 2.0 have emerged on the mailing lists of Full Disclosure and Bugtraq. Mozilla has rebutted both claims. "I would call it just noise," said Window Snyder, Mozilla's security chief adding that the issues pun in no way Firefox 2.0 users at risk. According to Snyder, the reports are largely incorrect and refer to resolved vulnerabilities.

Snyder did acknowledge a DoS related problem generating Firefox crashes. "The exploitable issues are fixed. There is a crash, but it is a denial of service," Snyder said. "We're going to look at it and make sure there is really nothing there".

As for the second vulnerability reported, Mozilla claims it hasn't got sufficient information to either confirm or deny the bug. "We don't have enough information to identify it. If we get more information, then we will investigate," stated Snyder. "We think it is great that the security community is working so hard to help us identify bugs. Once they are identified, we're able to fix them and we fix them quickly and that means customers are less at risk."

"This is one of the highest quality Firefox releases to date," said Mike Schroepfer, vice president of engineering at Mozilla. "We fixed more issues than we ever have before. All empirical and anecdotal evidence so far shows that this is one of the most solid and stable Firefox releases."