Firefox 3 Vulnerabilities Could Affect Over 14 Million Computers
Security Flaws Discovered in Firefox 3.0
By Catalin Bocanu, Web News Editor
20th of June 2008, 16:24 GMT
Since the release of the popular web browser Mozilla Firefox 3.0, the counter on the Spread Firefox website has registered over 14 million downloads. But within a few hours (about five) of Mozilla Firefox 3.0 being made available to the public, security flaws were reported.
TippingPoint, a provider of network-based intrusion prevention systems, was informed of security issues in Mozilla Firefox 3.0 through its Zero Day Initiative (ZDI), a program that rewards security researchers for exclusive information about vulnerabilities found in software products. Although the new security features of Firefox 3.0 are primarily intended to keep personal information safe and to protect users from phishing and malware, TippingPoint confirms the existence of a critical, high-severity vulnerability that affects Mozilla Firefox 3.0 (ZDI ID: ZDI-CAN-349) and prior Firefox 2.0.x versions: "We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page."
In response to this security report, the Mozilla Security Blog posted: "This issue is currently under investigation. To protect our users, the details of the issue will remain closed until a patch is made available. There is no public exploit, the details are private, and so the current risk to users".
If other security reports are taken into account, such as the one on the SecurityFocus website describing an unspecified buffer overflow vulnerability (boundary condition error), the new security improvements in Firefox 3.0 are not powerful enough against present phishing and malware threats. In conclusion, given that Mozilla Firefox 3.0 has been downloaded over 14 million times, users' computers are in potential danger until security patches are released to fix the existing vulnerabilities.
User opinions: |
| Comment #1.1 by: Matt Emmerton on 23 Jun 2008, 02:12 GMT | Security by obscurity is NOT the answer. |
| Comment #1.2 by: john on 23 Jun 2008, 02:50 GMT | And Opera also has its bugs as well. Though with it being a minor player in the browser market flaws are not publicized like they are in Firefox and IE. |
| Comment #1.3 by: iamscape@yahoo.com on 23 Jun 2008, 05:10 GMT | Opera is ok but lacks many components to handle a vast majority of websites. |
| Comment #1.4 by: Michael on 23 Jun 2008, 23:37 GMT | I use Opera as well. Greatest browser in my opinion. I used to use FF, but have switched. It has all the features I need without add-ons. It may have its security issues also, but when they are discovered, they are fast to fix them. FF still has security issues that have been out for years that aren't fixed. |
| Comment #2 by: guest on 23 Jun 2008, 02:15 GMT | Yeah you're stupid. "People are vulnerable, but only if they're idiots. But they're still vulnerable." |
| Comment #3 by: Russell on 23 Jun 2008, 02:17 GMT | So you're sensationalizing security threats to 14 million computers that already existed if the users were running previous versions of FF (which most probably were). Not saying that it's not worth reporting or that it isn't serious and should be addressed, just that the manner of reporting here makes it sound like people who downloaded FF 3 are at greater risk now than they were with previous versions - which isn't true at all. With these particular reported threats, the risk is identical, but there are numerous other security issues that were successfully addressed in the upgrade from FF2 to FF3. Please don't oversensationalize like this. |
| Comment #4 by: Dillinger Palmares Goldman™ on 23 Jun 2008, 02:18 GMT | Yeah, I never heard of a security flaw with Opera. In fact, I just searched google and found nothing! All hail Opera! |
| Comment #4.1 by: Hellfire on 23 Jun 2008, 13:28 GMT | I hope you are just trolling. There is not a browser in existence that has had no security issues.
Secunia Report on Opera products:
http://secunia.com/vendor/12/ |
| Comment #5 by: Russell on 23 Jun 2008, 02:19 GMT | And to Saud who uses Opera (I do, too - I actually use just about every current browser at some point during my day) - Opera is not free from vulnerabilities - see http://www.securityfocus.com/bid/29684 |
| Comment #6 by: Mitchell Bunting on 23 Jun 2008, 02:31 GMT | I agree with Saud Opera is a lot safer. |
| Comment #7 by: mundens on 23 Jun 2008, 02:55 GMT | Only two such vulnerabilities, huh? And they were existing 2.x vulnerabilities. It's interesting to speculate on why these people didn't bother reporting the vulnerabilities _prior_ to the 3.0 release?
Anyway with only two such vulnerabilities so far, it still makes Firefox a lot safer than Internet Explorer and Opera! So why not have a headline such as "Firefox 3 safer than other browsers!", hmm?
:P |
| Comment #7.1 by: Michael Flagler on 23 Jun 2008, 23:45 GMT | Safer than Opera?
You need to do research before saying that.
http://secunia.com/product/10615/?task=statistics
Opera has the least vulnerabilities of all the browsers. Even when they do have one, they are quick to fix it.
Firefox still has vulnerabilities that were never patched in 2.x, and now the one in 3.x (Just need some time though). If you look at Opera's history, the last un-patched major version was back in 6.x, but 7.x through 9.x have no un-patched vulnerabilities. |
| Comment #9 by: Elijah Goldstein on 23 Jun 2008, 05:11 GMT | Firefox is ok, but Opera is a much better browser in all respects. |
| Comment #10 by: Anonymous Coward on 23 Jun 2008, 08:02 GMT | Why do you Opera/Safari people go out of your way to find an article about Firefox just to promote using your browser of choice?
Also, Dillinger Palmares Goldman, you are just spreading FUD. Have you even tried "http://www.google.com.au/search?hl=en&q=opera security flaw&btnG=Search&meta="?
Also, it is likely that a lot more people actually enjoy this open source, speedy, extensible application - Firefox. |
| Comment #11 by: Joao Bastos on 23 Jun 2008, 12:16 GMT | reply to this comment | Wrong and misinformative article. Clearly someone has a lot of time on theyr hands....
And to those who reply "Thats why I use Opera/Safari":
- First of all nobody cares what you use,
- Other browser have theys weaknesses also, so don't think you're samerter that others.
- You are sad. |
| Comment #11.1 by: Someone Who Can Spell on 23 Jun 2008, 13:27 GMT | Good thing such a verbally affluent individual could be the one to point out how stupid everyone else is... |
| Comment #11.2 by: b on 23 Jun 2008, 22:08 GMT | so don't think you're samerter that others.
Don't you mean "Smarter than others"?
Learn some grammar & spelling so you don't look like a fool. |
| Comment #11.3 by: Carla on 24 Jun 2008, 00:48 GMT | couldn't have said it better. |
| Comment #12 by: Unleash on 23 Jun 2008, 13:28 GMT | The truth is .. any popular web application people will try to exploit. But, Firefox has always been good about finding out the problems and fixing them. |
| Comment #13 by: honesty justice on 23 Jun 2008, 17:49 GMT | ALL SOFTWARE IS INSECURE.
End of story. There is no 100% secure option here - none. Your thoughts of security are pure illusions - any 'cracker' or 'hacker' will get you, one way or the other, if they are smart and determined. You'll never see them. Luckily, most of those guys wouldn't waste their time on a squirt like you - they are paid big, big bucks for their talent.
You are always insecure - but hey, just keep telling yourself it's not true. Don't worry, by the time you finish reading this, you'll remember that you don't believe these words apply to you, and you'll go back to the comfortable bubble built for you.
Have a nice day. |
| Comment #14 by: Louis on 24 Jun 2008, 00:33 GMT | I'm sorry, but this statement is not true at all
"Opera is ok but lacks many components to handle a vast majority of websites."
What components? It does HTML, CSS and JavaScript, and arguably the best at all three, and it works. The vast majority of websites work fine, only some minorities don't work...
Stop talking out of your butt... |
| Comment #15 by: andrei on 25 Jun 2008, 08:54 GMT | So what Firefox 3 Vulnerabilities Could Affect Over 14 Million Computers? IE affects well over 14 million computers. There is no such thing as a perfect browser. I used Opera as well but switched to Firefox a long time ago. In my opinion it's much more stable. Yes, it might consume more resources than other browsers but I personally don't care. For example, if I reinstall Windows and browse a serials website I have to reinstall winshit again. Opera/Safari I don't know and I don't care, they don't inspire trust at all anymore. |
| Comment #16 by: lettlurt on 25 Jun 2008, 21:44 GMT | If security means a lot to you, you have to use Opera, it has the best history on security. That's both for the number of security holes found and how fast they fix them.
Data from Secunia today
Internet Explorer 6.x
23 security holes not fixed of 129 total
http://secunia.com/product/11/
Internet Explorer 7.x
9 security holes not fixed of 28 total
http://secunia.com/product/12366
Firefox 2.0.x
4 security holes not fixed of 24 total
http://secunia.com/product/12434
Konqueror 3.x
2 security holes not fixed of 14 total
http://secunia.com/product/3166
Safari 3.x
1 security hole not fixed of 3 total
http://secunia.com/product/17989
Firefox 3.0
0 security holes not fixed of 1 total
http://secunia.com/product/19089/
Opera 9.x
0 security holes not fixed of 14 total
http://secunia.com/product/10615 |