 |
|
 |
 |
|
Security Wonks Reveal Holes in Firefox Straight Out of the Gate
As Mozilla went after a Guinness World Record for the most downloads in a 24-hour period with its release of Firefox 3, it didn't take security researchers long to drop a bomb on all the browsing fun. TippingPoint's DVLabs reported that its Zero Day Initiative (ZDI) program received a critical vulnerability affecting Firefox 3.0 as well as prior versions of Firefox 2.0.x. Are 8 million newly minted Firefox 3 surfers taking to the Web with a broken browser? Broken, of course, is just a fancy alliteration. In reality, DVLabs and Mozilla are both keeping the details under wraps, so it's hard to say how vulnerable Firefox 3 actually is. "Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser-based vulnerabilities that we see these days, user interaction is required such as clicking on a link in e-mail or visiting a malicious web page," DVLabs noted. So how does a vulnerability slip past all the planning and building
and testing that goes into a widely used browser like Firefox? With the
many betas and release candidates Mozilla put out prior to the official
launch, wasn't there ample opportunity to find the problem earlier? For the full story, click here! Posted at 05:50AM Jun 20, 2008 by Kevin P McAuliffe in Inform | Comments[0] 
|
|
