6/19/2008
02:46 PM

Firefox 3 Bugs Reported

Security flaws were found in Firefox 3 just hours after the open source Web browser was released Tuesday by developer Mozilla.org.

Within five hours of the official release, security tool vendor TippingPoint was notified of a "critical vulnerability" affecting Firefox 3.0 and 2.0. The flaw could enable an attacker to run malicious code on a computer, the company said. As with other browser-based vulnerabilities, a person would have to click on a link in an e-mail or visit a malicious Web page to get infected.

The bug was reported to Mozilla, and no other details were released, in order to give the organization time to develop a patch. "Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well," TippingPoint said in a statement.

Mozilla downplayed the threat on its security blog, saying, "There is no public exploit, the details are private, and so the current risk to users is minimal."

Nevertheless, the organization said it was investigating the vulnerability, and would keep the details under wraps until a patch is released.

The flaw was submitted to TippingPoint through its Zero Day Initiative program, under which the company pays security researchers for bugs they submit. Security experts have raised concerns about such programs, saying they set a precedent in which people could start selling their information to the highest bidder, who could end up being a criminal. In addition, there's no guarantee that the information is coming from an ethical hacker.

Another Firefox 3 vulnerability was posted Tuesday on a security mailing list hosted by security consultant Neohapsis. The brief posting warned of a buffer overflow bug in Firefox 3, but provided no details. It was not clear whether the flaw was the same as the one reported by TippingPoint.

An InformationWeek review of Firefox 3 found that new security features designed to protect users against phishing and malicious Web sites were unreliable. From a security standpoint, InformationWeek found Firefox 3 a step backward.

Meanwhile, Mozilla reported more than 8 million downloads of Firefox 3 in the first 24 hours of its release. The organization appeared to have far exceeded its goal of 5 million downloads, which would set a world record. Firefox's main rival is Microsoft's Internet Explorer.
