Mozilla Warns of Firefox Security Holes
Foundation releases an updated browser that includes fixes to many flaws
Monday, February 28, 2005 by Phoon | Discussion: Internet
Several security vulnerabilities in Firefox and the Mozilla Suite of Internet software put users of the open-source products at risk of hacker attacks, the Mozilla Foundation is warning. The organization released Firefox 1.0.1, which fixes 17 security flaws in the popular Web browser. The most serious flaws could allow an attacker to gain full control over a victim's PC, the Mozilla Foundation says in a statement. Firefox 1.0 was released in November and has since been downloaded more than 27 million times.
The public warning of the security vulnerabilities is evidence that the Mozilla Foundation's products give a false sense of security, says Thor Larholm, a senior security researcher with PivX Solutions in Newport Beach, California.
"The only reason Mozilla and Firefox have a good track record in security with a low number of security vulnerabilities is simply because they don't tell anyone about them," Larholm says via e-mail.
The public warning of the security vulnerabilities is evidence that the Mozilla Foundation's products give a false sense of security, says Thor Larholm, a senior security researcher with PivX Solutions in Newport Beach, California.
"The only reason Mozilla and Firefox have a good track record in security with a low number of security vulnerabilities is simply because they don't tell anyone about them," Larholm says via e-mail.
_02
Reply #2 Monday, February 28, 2005 5:51 PM
Reply #2 Monday, February 28, 2005 5:51 PM
It was only a matter of time. I use both browsers. I prefer IE, but sometimes I am only able to download pic's in bmp format. I use Firefox to download pic's and everything I download off WC.
paxx
Reply #3 Monday, February 28, 2005 6:30 PM
Reply #3 Monday, February 28, 2005 6:30 PM
It certainly isn't perfect, but it's still more secure.
Anyhow, security is not a worry of mine, I consider myself protected enough and smart enough in my browsing habits.
I love Firefox because it's a browser of this decade, not an old browser that hasn't seen any real feature update since the last millenium.
Anyhow, security is not a worry of mine, I consider myself protected enough and smart enough in my browsing habits.
I love Firefox because it's a browser of this decade, not an old browser that hasn't seen any real feature update since the last millenium.
Weaksid
Reply #4 Monday, February 28, 2005 6:43 PM
Reply #4 Monday, February 28, 2005 6:43 PM
I agree with something I read somewhere about firefox.
"Yes, Firefox has holes and hackers will target these. But, since Firefox is opensource the holes get caught before the attacks get wide spread or before they even start."
That isn't a exact quote but it's roughly what was said.
If you have you options set to check for updates every time you use Firefox, it will plug the holes before you will have a problem.
Keep in mind... ALL Software has bugs/holes/and backdoors that the programers put in. Software is created by a human and will always be defective and be able to be cracked. But since thousands of people are working on Firefox, unlike IE and other non-open source browsers.
"Yes, Firefox has holes and hackers will target these. But, since Firefox is opensource the holes get caught before the attacks get wide spread or before they even start."
That isn't a exact quote but it's roughly what was said.
If you have you options set to check for updates every time you use Firefox, it will plug the holes before you will have a problem.
Keep in mind... ALL Software has bugs/holes/and backdoors that the programers put in. Software is created by a human and will always be defective and be able to be cracked. But since thousands of people are working on Firefox, unlike IE and other non-open source browsers.
Phoon
Reply #5 Monday, February 28, 2005 6:51 PM
Reply #5 Monday, February 28, 2005 6:51 PM
To quote another section of the full article..
The Mozilla Foundation has fixed hundreds if not thousands of security vulnerabilities over the last few years without notifying the world and without providing security patches, instead they have simply just told their users to upgrade," he says. "We have to remember that all software has security vulnerabilities, the only difference is in how we anticipate them and inform the world about their existence.
Unless you were reading the notices, you would not have even know to upgrade. It was my understanding that FF did not "update" itself when you checked, you had to look for the update. (I may be wrong on that though).
Perhaps by not informing the world of the vulnerabilities, they were able to avert attacks, but that is still a double edged sword IMO.
Either way.. like I said, I still like FF and will use it occasionaly, I just prefer IE.
The Mozilla Foundation has fixed hundreds if not thousands of security vulnerabilities over the last few years without notifying the world and without providing security patches, instead they have simply just told their users to upgrade," he says. "We have to remember that all software has security vulnerabilities, the only difference is in how we anticipate them and inform the world about their existence.
Unless you were reading the notices, you would not have even know to upgrade. It was my understanding that FF did not "update" itself when you checked, you had to look for the update. (I may be wrong on that though).
Perhaps by not informing the world of the vulnerabilities, they were able to avert attacks, but that is still a double edged sword IMO.
Either way.. like I said, I still like FF and will use it occasionaly, I just prefer IE.
Double Zero
Reply #6 Monday, February 28, 2005 7:34 PM
That cant be any more true, people sometimes forget that about software\computers..::laughs:: I think it's the whole "computer" word itself..I dont know..
But yeah, you can be hacked no matter what lengths you go to, to aviod it. So as far as Firefox goes, I will keep using it, along with IE and the Netscape browser, each browser has features that I like and I am not going to live my life in paranoia that someones going to break into my box..If and when that happens it will just be one more thing added to my list of "things to deal with" LoL
Zero.
Reply #6 Monday, February 28, 2005 7:34 PM
| Keep in mind... ALL Software has bugs/holes/and backdoors that the programers put in. Software is created by a human and will always be defective and be able to be cracked. |
That cant be any more true, people sometimes forget that about software\computers..::laughs:: I think it's the whole "computer" word itself..I dont know..
But yeah, you can be hacked no matter what lengths you go to, to aviod it. So as far as Firefox goes, I will keep using it, along with IE and the Netscape browser, each browser has features that I like and I am not going to live my life in paranoia that someones going to break into my box..If and when that happens it will just be one more thing added to my list of "things to deal with" LoL
Zero.
Lantec
Reply #7 Monday, February 28, 2005 7:44 PM
Reply #7 Monday, February 28, 2005 7:44 PM
Phoon, since you like FireFox but prefer IE, you sound like someone who should take a look at Maxthon. It's got the tabbed browsing like FF but is based on IE so it also has the compatability that FF sometimes lacks. I have both on my system but use FF as my default because it's not as complicated. However, I sometimes need to use those sites that give FF fits and I create shortcuts for them that use Maxthon. The only time I use IE is on the Updates site.
Phoon
Reply #8 Monday, February 28, 2005 8:05 PM
Reply #8 Monday, February 28, 2005 8:05 PM
Lantec.. I REALLY like Maxthon. The only thin I don't care for is the proxy setup of it. I sometimes use 2 proxy servers at work. Maxthon doesn't have the setting flexibilty that I needed. Otherwise, it is indeed a great tool.
Weaksid
Reply #9 Monday, February 28, 2005 8:26 PM
Reply #9 Monday, February 28, 2005 8:26 PM
Maxthon used to be called "MYIE2" right?
I have Maxthon installed also because I wanted the tab browser and session keeper for IE also.
I have Maxthon installed also because I wanted the tab browser and session keeper for IE also.
Please login to comment and/or vote for this skin.
Welcome Guest! Please take the time to register with us.
There are many great features available to you once you register, including:
- Richer content, access to many features that are disabled for guests like commenting on the forums and downloading skins.
- Access to a great community, with a massive database of many, many areas of interest.
- Access to contests & subscription offers like exclusive emails.
- It's simple, and FREE!
Reply #1 Monday, February 28, 2005 5:44 PM
As it has gained in popularity, it HAS become more of a target and the vulnerabilities are showing.
But then again, I quote from another thread...
That's one of those excuses that gets repeated so often people begin uncritically swallowing it till it becomes "common knowledge