A vulnerability has been discovered in the Firefox Web browser that could be exploited by malicious people to gain knowledge of potentially sensitive information, according to an advisory from security research firm Secunia.
The vulnerability comes less than six weeks after the Mozilla Foundation released a security update to the Firefox browser that included several fixes to guard against spoofing and arbitrary code execution.
The vulnerability has been confirmed in versions 1.0.1 and 1.0.2. Other versions may also be affected.
Firefox Versus Internet Exlporer
Web vulnerabilities are not at all unusual, evidenced by Secunia’s deep online library of security advisories about Firefox, Microsoft’s Internet Explorer, Apple’s Safari and others.
In fact, Jupiter Research analyst Joe Wilcox told TechNewsWorld that vulnerabilities are just “part of the ballgame.”
“Flaws will be found because flaws exist and that’s going to be true for any Web browser,” Wilcox said. “The real question over time is whether the Mozilla folks can keep up with finding problems and then deploying patches in the most efficient manner.”
That, said Wilcox, is where Microsoft has an advantage in the marketplace. Microsoft has a team dedicated to looking for vulnerabilities, developing patches and distributing them while Firefox has limited resources.
“Just think of Windows Update, for example, and the amount that Microsoft invested in that infrastructure over many years,” Wilcox said. “That’s a very powerful distribution for getting patches out as quickly and efficiently as possible Firefox doesn’t have anything like that.”
Secunia’s online test for the bug is available via its Web site.