Firefox 3 Bugs Reported - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Firefox 3 Bugs Reported

Security flaws were found in Firefox 3 just hours after the open source Web browser was released Tuesday.

Security flaws were found in Firefox 3 just hours after the open source Web browser was released Tuesday by developer

Within five hours after the official release, security tool vendor TippingPoint was notified of a "critical vulnerability" affecting Firefox 3.0 and 2.0. The flaw could enable an attacker to run malicious code on a computer, the company said. Like other browser-based vulnerabilities, a person would have to click on a link in an e-mail or visit a malicious Web page to get infected.

The bug was reported to Mozilla, and no other details were released, in order to give the organization time to develop a patch. "Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well," TippingPoint said in a statement.

Mozilla downplayed the threat on its security blog, saying, "There is no public exploit, the details are private, and so the current risk to users is minimal."

Nevertheless, the organization said it was investigating the vulnerability, and would keep the details under wraps until a patch is released.

The flaw was submitted to TippingPoint through its Zero Day Initiative program, under which the company pays security researchers for bugs they submit. Security experts have raised concerns about such programs, saying they set a precedent in which people could start selling their information to the highest bidder, who could end up being a criminal. In addition, there's no guarantee that the information is coming from an ethical hacker.

Another Firefox 3 vulnerability was posted Tuesday on a security mailing list hosted by security consultant Neohapsis. The brief posting warned of a buffer overflow bug in Firefox 3, but provided no details. It was not clear whether the flaw was the same as the one reported by TippingPoint.

An InformationWeek review of Firefox 3 found that new security features designed to protect users against phishing and malicious Web sites were unreliable. From a security standpoint, InformationWeek found Firefox 3 a step backward.

Meanwhile, Mozilla reported more than 8 million downloads of Firefox 3 in the first 24 hours of its release. The organization appeared to have far exceeded its goal of 5 million downloads, which would set a world record. Firefox's main rival is Microsoft's Internet Explorer.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll