Firefox has been catching on due one highly touted characteristic: it was sidely said to be much more secure to use than Internet Explorer — but that claim is now undermined by warnings about newly discovered Firefox flaws.
The BBC reports:
The Mozilla Foundation has said it is “working aggressively” to fix two flaws in its open source Firefox browser. The vulnerabilities, reported on Saturday, were identified as “very critical”, but no cases had been reported of them being exploited.
Several security firms identified the flaws which could let websites run malicious code on a person’s computer. Mozilla has responded by changing its update service and says people should temporarily turn off JavaScript code.
The first flaw reported fools the browser into thinking software is being installed by a legitimate, or safe, website. The second flaw happens when the software installation trigger does not properly check icon web addresses which contain JavaScript code.
A hacker could potentially take advantage of the security flaws to secretly launch malicious code or programs.
Mozilla advised people to download add-ons to its software manually from the Foundation’s site.
Danish security firm Secunia said called the flaws “extremely critical” because cookie and history information could be used to get access to personal information or gain access to sites previously visited.
The Mozilla Foundation, which developed the browser, said it was working hard to provide a comprehensive and more permanent fix for the problems.
With having to download add-ons the question will now become which browser is less of a pain to safely use. Not a good avertising slogan for Firefox…
Joe Gandelman is a former fulltime journalist who freelanced in India, Spain, Bangladesh and Cypress writing for publications such as the Christian Science Monitor and Newsweek. He also did radio reports from Madrid for NPR’s All Things Considered. He has worked on two U.S. newspapers and quit the news biz in 1990 to go into entertainment. He also has written for The Week and several online publications, did a column for Cagle Cartoons Syndicate and has appeared on CNN.