One more vulnerability for Mozilla's browser

Apr 18, 2007 07:55 GMT

Firefox is probably the most popular alternative to Internet Explorer, the old-fashioned browser offered by Microsoft and included in the Windows operating system. Firefox is regarded as a more secure browser because it uses a different engine than IE and offers improved functionality. Today's security advisory reveals a vulnerability in Mozilla's browser that contradicts this view, claiming that Firefox contains a highly critical security flaw.

According to security company Secunia, Mozilla's application has a vulnerability when the browser works with Wizz RSS News Reader, allowing attackers to compromise an affected system. Wizz RSS is a Firefox extension that adds one more function to the browser, helping users read the latest news and headlines straight from the program. It seems that the vulnerability is exploited once the user adds a malicious RSS feed to the extension, which allows the attacker to connect to the system.

"A vulnerability has been reported in the Wizz RSS News Reader extension for Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. Certain input is not properly sanitized before being used and can be exploited to e.g. execute arbitrary script code within the "chrome:" context. Successful exploitation requires that a user is tricked into loading a specially crafted RSS feed," Secunia stated in the security advisory.

According to the company, the vulnerability was discovered only in the older versions of Wizz RSS News Reader; the solution is to update to the latest release.

This security report comes after Secunia discovered another flaw in Firefox, also caused by an extension, that can compromise a user's system. At this time, Mozilla is competing with Internet Explorer, but it seems that Microsoft's application has a slight advantage owing to its lack of vulnerabilities. In the past, security reports revealed that Microsoft managed to fix 100 percent of 15 IE flaws, while Mozilla patched a smaller percentage of a larger number of vulnerabilities.