Firefox 3 Vulnerability Rains on Mozilla Download Parade
June 21, 2008
For all the hype about the number of people who downloaded Mozilla’s open source Firefox 3 browser, there is now hype about how long it took security researchers to disclose a flaw: five hours.
Five hours after Mozilla officially released the long-awaited update, TippingPoint confirmed a vulnerability. TippingPoint’s Zero Day Initiative program received notification about a critical vulnerability affecting both Firefox 2 and Firefox 3.
“We have verified the vulnerability in our laboratory, it was purchased by researchers, then promptly reported the vulnerability to the Mozilla security team shortly after,” TippingPoint wrote on its Digital Vaccine Laboratories blog.
“Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code,” said the company. “Not unlike most browser-based vulnerabilities that we see these days, user interaction is required, such as clicking on an email link or visiting a malicious website.”
Take Normal Precautions
Mozilla is working on a fix, and TippingPoint is not saying much more until a patch is available. So just how serious is the threat? It is difficult to say with certainty, according to Carole Theriault, a security researcher at Sophos, because there is little detailed information on the threat.
However, Theriault said, it would be prudent to take the normal precautions people are advised to take: visit only reputable Web sites, patch security vulnerabilities, and put this patch in place as soon as Mozilla makes it available.
“Companies that are concerned that their users are dashing out and installing the new browser should consider controlling which version of browser can be used in the enterprise,” said Theriault. Tools like Sophos’ application monitoring allow administrators to control the use of browsers within the network, ensuring that the network is not at unnecessary risk.
Mozilla was created?
It is not uncommon for bug reports to arise from newly released software, particularly browsers. But the fact that this flaw is in Firefox 2 leads Theriault to consider that the “researcher” could have been sitting on it for a while, pending the release of Firefox 3.
“Any payment or glory for a vulnerability will be much greater in a new version of a browser,” Theriault said. “I cannot help thinking that contacting Mozilla as soon as it was discovered, to help them make their products safer for its millions of users, would have been better and, I dare say, less selfish.”
Rain on Mozilla’s Parade?
Could this bug discovery put a damper on the overall success of the Firefox 3 launch, which saw more than eight million downloads in a matter of hours?
No software company likes to have its launch clouded by a security flaw, but Mozilla has been around a long time and knows a flaw was bound to turn up sooner or later, said Theriault.
“Software is made by man and we all miss things occasionally, no matter how much testing and forecasting goes into development,” Theriault said. “What matters now is that Mozilla respond quickly with a patch to address this failure. I hope we get a solution before anyone leaks details of the fault, where they would face an even grimmer situation.”




