-=PCTechTalk=- Re: Mozilla Patches Firefox Hole

  • From: " milady" <kg6ocz@xxxxxxxxxxxxx>
  • To: <pctechtalk@xxxxxxxxxxxxx>
  • Date: Thu, 24 Mar 2005 06:33:34 -0800

So where is the patch?
----- Original Message ----- 
From: "David F. Wooledge" <wooledge001@xxxxxxxx>
To: "@freelistts PCTechTalk" <pctechtalk@xxxxxxxxxxxxx>
Sent: Wednesday, March 23, 2005 10:25 PM
Subject: -=PCTechTalk=- Mozilla Patches Firefox Hole


Mozilla Patches Firefox Hole
Wed Mar 23, 4:00 PM ET

Paul Roberts, IDG News Service
The Mozilla Foundation issued a patch this week for a previously undisclosed 
hole in its popular Firefox Web browser and is encouraging Firefox users to 
download the software update as soon as possible.

The nonprofit organization released Firefox 1.0.2 (available as a free 
download) to fix a buffer overflow vulnerability in a Firefox feature for 
processing GIF image files. The patch is the second security patch issued in 
less than a month, but the foundation reassured users that the browser's 
open source platform is secure, and says it does not know of any active 
exploits for the hole.


The GIF processing hole was discovered by Internet Security Systems (ISS) 
and makes Firefox users who are running earlier versions of the browser 
vulnerable to buffer overflow attack, according to a statement released by 
the Mozilla Foundation.


ISS discovered the hole in a review of the Firefox source code, which is 
available on the Internet.


In a statement attributed to Chris Hofmann, the foundation's director of 
engineering, the discovery of the hole and release of a patch shortly after 
are evidence that the open source software model is safer and more secure 
than closed-source commercial code, because it is "scoured by thousands" of 
contributors, developers and professionals, and "not just the company's 
development team."

Cause for Concern?

In February, the Mozilla Foundation released Firefox 1.0.1 to fix 17 
security vulnerabilities in Firefox, including changes to guard against 
spoofing of Web addresses and the security indicator on Web sites. However, 
the foundation is not planning to adopt a regular patch release cycle, which 
Microsoft uses, and will continue to issue updates as they are needed, 
Hofmann says in a statement.


Firefox has been gaining in popularity since the first full version of the 
browser was released in November. More than 27 million copies of Firefox 
have been downloaded since then, pushing Microsoft's Internet Explorer (IE) 
share of the browser market below 90 percent for the first time in years.


Firefox installations were 5.7 percent of the U.S. browser market as of 
February 18. IE controlled 89.9 percent, according to statistics released by 
Web tracking company WebSideStory.


However, Hofmann denies that Firefox is becoming a more attractive candidate 
for hackers as it gains market share.


"There is this idea that market share alone will make you have more 
vulnerabilities. It is not relational at all. Not being in the operating 
system and not supporting Microsoft's proprietary Active X are phenomenal 
advantages to us," he says in a statement.











--
<Please delete this line and everything below.>

To unsub or change your email settings:
//www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
//www.freelists.org/archives/pctechtalk/

For more info:
//www.freelists.org/cgi-bin/list?list_id=pctechtalk


