Firefox, Netscape Flaws Discovered
A security researcher has uncovered serious security holes in the latest versions of the Firefox, Mozilla Suite and Netscape Web browsers, flaws that could allow attackers to break into computers if users visit a specially crafted Web site or click on a malformed link in an e-mail, for example.
Bad guys are almost certain to take advantage of this flaw, if for no other reason than it is extremely easy to exploit. All three browsers can be forced to execute a command or computer program of the attacker's choice just by directing them to a URL that is little more than "http://" and a string of dashes.
Tom Ferris, the guy who discovered the flaws, says he's reported them to both Mozilla -- which also developed Firefox -- and Netscape. Still, there are no patches to fix the problem in any of the browsers yet, so be extra careful about clicking on links you receive in instant messages or in e-mail, or consider using another Internet browser. Earlier this month, I blogged about a serious flaw Ferris found in Microsoft's Internet Explorer Web browser that also remains unpatched.
Mozilla and Firefox have grown in popularity in recent months, touted as more secure alternatives to IE. But as this and other research shows, Firefox has its share of security holes as well: Mozilla has released patches to fix at least 23 flaws since I began this column at the end of March. And as the open-source browser continues to increase its market share, you can bet attackers are going to start looking harder for flaws and exploiting them.
By the way, even though there is no patch available yet for the Firefox flaw, some readers in a discussion over at Slashdot.org today were saying that the many friends and family members they have converted from IE to Firefox haven't been applying their Firefox patches.
If you are using Firefox and you see a little red arrow in the upper right corner of your screen, it means security patches are waiting to be applied. Click on the arrow to start that process. If that fails, try using Firefox's updater tool by clicking on "Tools" in the menu at the top of the browser window, then "options", then the "Advanced" tab. Scroll down to the section that says "software update" (and make sure there's a check mark next to both "Extensions" and "Firefox"). Then hit the button that says "check now" and it should find any available updates.