Now What? Flaws In Firefox?

Sunday 15 May 2005 @ 5:52 pm

Just a few hours ago written a short article about flaws found in Internet Explorer and Microsost Outlook, now I’ve just read another article regarding vulnerabilities in the Firefox.

According to the article, in the latest incident, a 16-year-old security researcher – who asked only to be identified by his first name, Paul – found three vulnerabilities in the Firefox browser that together could be exploited to run arbitrary code. It seems that now flaw finders are digging up more security holes in Firefox, while vulnerability researchers frequently flogged Microsoft for the number of security holes found in its Internet Explorer browser.

For the last six months of 2004, researchers found more vulnerabilities in Mozilla’s Firefox than Microsoft’s Internet Explorer, according to Symantec’s bi-annual Internet Security Threat Report. The report tallied 21 vulnerabilities for Mozilla Firefox versus 13 for Internet Explorer. However, a smaller percentage of the vulnerabilities found in Firefox were considered a severe security threat, said Symantec’s Oliver Friedrichs, senior manager with the company’s security response team.

Anyway, as compared to the number of critical flaws found, Firefox still is having an edge over Internet Explorer. In other words, quantity of flaws found doesn’t necessary reflect the seriousness of the hole in any browser.

“Severe vulnerabilities in general allow for drive-by installs,” he said. “So just by visiting a website, you could have [anything from] spyware to malware to Trojan horses installed on your system.”

Friedrichs stressed that the number of vulnerabilities found by researchers is not necessarily a good indication of product security. He pointed to the Mozilla Firefox’s relatively young age, the browser’s increasing popularity, and commercial software vendors tendency to silently fix vulnerabilities as factors that could affect the vulnerability count.

To reduce flaws, Microsoft changed more than 50 features of Internet Explorer in WinXP SP2. In total, Microsoft changed more than 428 features in Windows XP, including eliminating two classes of vulnerabilities on which the company did not revealed before.

Those changes have made Internet Explorer a tougher target for vulnerability researchers, said one flaw finder.

This makes me wonder, is reducing the features (not 1, but more than 50) in an application a wise move to eliminate flaws?

Anyway, let’s see what’s the progress of fighting secirity flaws between Firefox and Internet Explorer in coming months.


Blogsphere: TechnoratiFeedsterBloglines
Bookmark: Del.icio.usSpurlFurlSimpyBlinkDigg
RSS feed for comments on this post

4 Responses to 'Now What? Flaws In Firefox?'

  1. aunty - May 15th, 2005 at 5:58 pm

    firefox would have as much flaws as explorer.


    it’s just that because more people use microsoft, hackers are more prompt to find holes and attack them. it’s just a matter of time that more hackers find holes in firefox and the same amount of holes can be found in firefox.

  2. SapiensBryan - May 15th, 2005 at 6:25 pm

    I think it’s true. As one of the Microsoft developers said in the source article : “Security is an industry-wide problem, it’s not limited or unique to operating systems or applications, or client or server software. It’s not limited or unique to commercial software or open source.”

    The important point here is : How fast can the developers come out with a patch for those flaws found.


  3. multidimid - May 16th, 2005 at 12:16 am

    Any security Hot fixes from Firefox and auto-updates?

  4. SapiensBryan - May 16th, 2005 at 12:36 am

    Nope, not yet released.

    Hopefully, they will have one soon. :)

Powered by Disqus

Apple iPad & Maxis WiFi Modem Reviews «
Apple iPad & Maxis WiFi Modem Reviews
Nokia N8 Reviews «
Nokia N8 Reviews
Samsung Galaxy S Reviews «
Samsung Galaxy S Reviews
Nokia N900 Reviews «
Nokia N900 Reviews
Nokia N97 Reviews «
Nokia N97 Reviews


Live Stats

Recent Posts

Favorite Icon

My QR Code A List Blogger