Welcome | Sign In
LinuxInsider.com
Security

Mozilla Beefs Up Security in Firefox 2.0

Print Version
E-Mail Article
Reprints
Mozilla Beefs Up Security in Firefox 2.0

By Jay Lyman
LinuxInsider
12/21/06 4:00 AM PT

Mozilla's latest update to its open source Firefox browser includes security measures targeting phishers. Phishing scams that use social engineering techniques to dupe Web surfers into revealing personal financial information have become an effective way for cybercriminals to conduct their nefarious activities on the Internet.


Mozilla released the first security reinforcements for Firefox 2.0, the latest version of its popular Web browser, providing users of the open source software with fixes for five critical and three minor security holes.

Security has emerged as one of the most important aspects of browser software from Mozilla, Microsoft (Nasdaq: MSFT), Opera and others, as attackers increasingly take advantage of browser vulnerabilities to hook into the computers of unsuspecting Web surfers.

This week's patches address flaws that are indirectly related to security, Burton Group Vice President Craig Roth told LinuxInsider.

"They're security, but they're bug fixes to things that may affect security issues," he said, referring to social engineering attacks that aim to trick users rather than fooling the software.

Growth and Bugs

The security advantages of Firefox have helped it gain on Microsoft's Internet Explorer like no other competitor in years. However, even though it has been growing rapidly, it is still much smaller in market share and appeal to attackers than IE.

Microsoft dominates with more than 80 percent share. However, Firefox has passed the 12 percent mark and is now pushing toward 15 percent. The remainder is owned by Opera, Apple's (Nasdaq: AAPL) Safari and other browsers.

Mozilla released Firefox 2.0 last October as Microsoft rolled its major browser upgrade to market with IE7. Both browsers focus on security, and both have suffered from bugs, flaws and security holes that come with all software, including a password theft vulnerability disclosed earlier this month.

Critical Fixes

In this week's security update, Mozilla addressed five vulnerabilities deemed "critical," two considered "high" impact, and one minor issue.

The critical issues include an SVG Processing Remote Code Execution, a LiveConnect crash finalizing JavaScript objects, and privilege escalation using watch point, Mozilla said.

Security firm Secunia issued an advisory on the Firefox vulnerabilities and a recommendation that users update to Firefox 1.5.0.9 or 2.0.0.1.

Social Security

Roth downplayed the significance of the Firefox security fixes, indicating Mozilla was not featuring the update prominently, nor was it urging users to download it.

The biggest security advantage of Firefox is its much smaller user base compared to Explorer, Roth said, suggesting that the latest updates are less important than how Mozilla deals with continuing and improving social engineering attacks, particularly phishing.

"It's an ongoing issue -- one that's more important to track than things like this," he said.

Print Version E-Mail Article Reprints More by Jay Lyman

Talkback: Be the first to comment on this story.

More by Jay Lyman

Open Source Developer Dumps Novell Over Microsoft Deal
December 26, 2006
A key open source developer, Jeremy Allison, who cofounded the Samba project, has resigned from Novell in protest over the company's recent agreement to enter a collaborative arrangement with Microsoft. The deal has created an uproar in the open source community because it does not treat all recipients of the GPL equally and thus violates the spirit of the license, critics say. 		Financial Firms Tap Microsoft for Linux
December 22, 2006
Three major financial institutions are among the first companies to go to Microsoft for Linux services, provided through an agreement the software giant struck with Novell. Although a recent survey showed customer approval of the collaboration, many members of the open source community view Novell's move as sleeping with the devil. 		Hynix Unveils World's Fastest DRAM Chip
December 18, 2006
South Korea-based DRAM manufacturer Hynix has unveiled a DRAM chip that runs at 800 MHz -- the fastest memory speed yet. Its triple-metal design, based on a layered, three-dimensional architecture, represents a significant advance for Hynix. The new memory technology will be available in DDR2 modules in the first half of 2007.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> WiFi Hotspot Locator
> Inside LinuxInsider
E-Commerce Times
TechNewsWorld
MacNewsWorld
CRM Buyer
Today's LinuxInsider Sponsors
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
Entrust Extended Validation SSL
Entrust EV SSL certificates -- "go green" for less. Now from only $199 per year.
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.