Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security

Security

Firefox 2.0 Vulnerabilities/Noise

Mozilla downplays vulnerability reports

By Marius Oiaga, Technology News Editor

26th of October 2006, 12:49 GMT

Adjust text size:


Firefox is hot on the tracks of Internet Explorer 7. But the face-off also features a negative aspect. Vulnerabilities. Currently the score is a blur, depending on whom you believe. Secunia
has reported two vulnerabilities in Internet Explorer 7 so far. Microsoft managed to gear the IE7 "mhtml:" Redirection Information Disclosure onto Outlook, but it confirmed a weakness allowing for popup address bar spoofing. Secunia commented that - as long as IE7 is the attack vector - the fact that the vulnerability resides in Outlook makes little difference.

Now it's Mozilla's turn to fend off vulnerabilities reports. Coincidentally or not, reports of two bugs impacting Firefox 2.0 have emerged on the mailing lists of Full Disclosure and Bugtraq. Mozilla has rebutted both claims. "I would call it just noise," said Window Snyder, Mozilla's security chief adding that the issues pun in no way Firefox 2.0 users at risk. According to Snyder, the reports are largely incorrect and refer to resolved vulnerabilities.

Snyder did acknowledge a DoS related problem generating Firefox crashes. "The exploitable issues are fixed. There is a crash, but it is a denial of service," Snyder said. "We're going to look at it and make sure there is really nothing there".

As for the second vulnerability reported, Mozilla claims it hasn't got sufficient information to either confirm or deny the bug. "We don't have enough information to identify it. If we get more information, then we will investigate," stated Snyder. "We think it is great that the security community is working so hard to help us identify bugs. Once they are identified, we're able to fix them and we fix them quickly and that means customers are less at risk."

"This is one of the highest quality Firefox releases to date," said Mike Schroepfer, vice president of engineering at Mozilla. "We fixed more issues than we ever have before. All empirical and anecdotal evidence so far shows that this is one of the most solid and stable Firefox releases."


Rating:
Very Good (4.2/5) 4 vote(s) so far    

Read by 1,646 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Mozilla Unveils Firefox 2.0 RC1

Firefox Vulnerability - A Laughing Matter

Mozilla Thunderbird Overhauls Eudora

Internet Explorer 7 for Windows XP Final Release Available for Download

Internet Explorer 7 Feedback and Support

International Internet Explorer 7

Final Firefox 2.0 Released

Microsoft Comes with a Cake to the Firefox Party

Firefox 2.0 Ignores Microsoft's Live Search

Firefox 2.0 Key Features

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive