New trouble caused by the two browsers

Jul 13, 2007 13:07 GMT

A recently reported vulnerability that affects Mozilla's Firefox and Microsoft's Internet Explorer has caused an interesting dispute between the two parent companies, each blaming the other for the security flaw. Basically, the flaw could be exploited when a user visits a dangerous website in Internet Explorer and that site tries to launch a new attack through Firefox. Both vendors maintained that they have nothing to patch and blamed the other browser for the vulnerability.

"Obviously, the problem here is most definitely not in IE. There is nothing in the protocol handler that informs IE how to perform input validation. IE's only responsibility is to take the parameters that are passed to the protocol and pass them on to the protocol handler, in this case Firefox. Firefox fails to properly validate the parameters, and any fix will have to come from Mozilla, not Microsoft," Jesper Johansson, a former senior security strategist for Microsoft, said on his blog.

Mozilla chose to reply in a more official manner and encouraged users to use Firefox when visiting untrusted websites. However, it seems that Mozilla is willing to release an updated version of the application that includes a fix for the recently discovered vulnerability.

"It is important to note that if you are using Firefox to browse the web you *are not* vulnerable to this attack. While we have seen no evidence of attackers exploiting this issue, there is proof of concept code available publicly. So we recommend that people use Firefox and as always take care when browsing unknown websites," Mozilla said on the official blog of the company.

The battle between the two companies is very important because both of them claim supremacy among web browsers. However, Mozilla was the first of the two to surrender, and it proudly announced a more secure version: "Mozilla believes in defense in depth and will be patching Firefox in the upcoming 2.0.0.5 release to mitigate the problem."