6/19/2008
02:46 PM

Firefox 3 Bugs Reported

Security flaws were found in Firefox 3 just hours after the open source Web browser was released Tuesday by developer Mozilla.org.

Within five hours of the official release, security tool vendor TippingPoint was notified of a "critical vulnerability" affecting Firefox 3.0 and 2.0. The flaw could enable an attacker to run malicious code on a computer, the company said. As with other browser-based vulnerabilities, a person would have to click on a link in an e-mail or visit a malicious Web page to get infected.

The bug was reported to Mozilla, and no other details were released, in order to give the organization time to develop a patch. "Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well," TippingPoint said in a statement.

Mozilla downplayed the threat on its security blog, saying, "There is no public exploit, the details are private, and so the current risk to users is minimal."

Nevertheless, the organization said it was investigating the vulnerability and would keep the details under wraps until a patch was released.

The flaw was submitted to TippingPoint through its Zero Day Initiative program, under which the company pays security researchers for bugs they submit. Security experts have raised concerns about such programs, saying they set a precedent in which people could start selling their information to the highest bidder, who could end up being a criminal. In addition, there's no guarantee that the information is coming from an ethical hacker.

Another Firefox 3 vulnerability was posted Tuesday on a security mailing list hosted by security consultant Neohapsis. The brief posting warned of a buffer overflow bug in Firefox 3, but provided no details. It was not clear whether the flaw was the same as the one reported by TippingPoint.

An InformationWeek review of Firefox 3 found that new security features designed to protect users against phishing and malicious Web sites were unreliable. From a security standpoint, InformationWeek found Firefox 3 a step backward.

Meanwhile, Mozilla reported more than 8 million downloads of Firefox 3 in the first 24 hours of its release. The organization appeared to have far exceeded its goal of 5 million downloads, which would set a world record. Firefox's main rival is Microsoft's Internet Explorer.
