6/19/2008
02:46 PM

Firefox 3 Bugs Reported

Security flaws were found in Firefox 3 just hours after the open source Web browser was released Tuesday by developer Mozilla.org.

Within five hours of the official release, security tool vendor TippingPoint was notified of a "critical vulnerability" affecting Firefox 3.0 and 2.0. The flaw could enable an attacker to run malicious code on a computer, the company said. As with other browser-based vulnerabilities, a person would have to click on a link in an e-mail or visit a malicious Web page to get infected.

The bug was reported to Mozilla, and no other details were released, in order to give the organization time to develop a patch. "Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well," TippingPoint said in a statement.

Mozilla downplayed the threat on its security blog, saying, "There is no public exploit, the details are private, and so the current risk to users is minimal."

Nevertheless, the organization said it was investigating the vulnerability, and would keep the details under wraps until a patch is released.

The flaw was submitted to TippingPoint through its Zero Day Initiative program, under which the company pays security researchers for bugs they submit. Security experts have raised concerns about such programs, saying they set a precedent in which people could start selling their information to the highest bidder, who could end up being a criminal. In addition, there's no guarantee that the information is coming from an ethical hacker.

Another Firefox 3 vulnerability was posted Tuesday on a security mailing list hosted by security consultant Neohapsis. The brief posting warned of a buffer overflow bug in Firefox 3, but provided no details. It was not clear whether the flaw was the same as the one reported by TippingPoint.

An InformationWeek review of Firefox 3 found that new security features designed to protect users against phishing and malicious Web sites were unreliable. From a security standpoint, InformationWeek found Firefox 3 a step backward.

Meanwhile, Mozilla reported more than 8 million downloads of Firefox 3 in the first 24 hours of its release. The organization appeared to have far exceeded its goal of 5 million downloads, which would set a world record. Firefox's main rival is Microsoft's Internet Explorer.
