By Jay Lyman LinuxInsider Part of the ECT News Network
11/10/06 4:00 AM PT
Mozilla Foundation this week released patches for its Firefox browser, its Thunderbird e-mail client, and its SeaMonkey Internet application suite, responding to an increase in security issues accompanying the open source software's surging popularity.
Firefox has topped the 15 percent mark in browser market share. That's still far behind Microsoft's (Nasdaq: MSFT) dominant Internet Explorer browser, but IE has been slipping of late, while Firefox's fortunes continue to rise.
It's unclear whether more serious attention from attackers is on the way, but even if that should be the case, Mozilla will have certain advantages over Microsoft in dealing with such problems.
"It's going to be easier to manage and provide a more rapid response," VeriSign (Nasdaq: VRSN) iDefense Rapid Response Team Director Ken Dunham told LinuxInsider. That's because Firefox has a modular design with fewer lines of code and fewer interdependencies than Explorer.
Critical Fixes
The three patches that Mozilla issued this week were for security issues it deemed "critical." However, none of the vulnerabilities they address affect the latest version of the Firefox 2.0 browser.
The first fix covered a flaw affecting Firefox, Thunderbird and SeaMonkey software that would allow running script to be recompiled. The second vulnerability, affecting the same three software products, could allow forgery of an RSA signature, Mozilla said.
The third issue, which affects the same applications, could cause a computer crash with evidence of memory corruption, Mozilla said.
Attacks Underway
Although the vast majority of Internet attacks are aimed at IE, due to its share of the browser market and its tight coupling with Windows, some do target Firefox code, according to Dunham.
Browser-based attacks have become common, and the trend is fueled by "point and click" exploit-and-attack methods, as well as the increasing availability of attack code.
In addition to high-profile attacks reminiscent of yesterday's worm outbreaks, there are new tactics that can quickly turn even moderate or less critical vulnerabilities into threats for IT organizations, Dunham noted.
Open Defense
Although Firefox's attractiveness to attackers may increase as the browser's market share approaches 20 percent, it is still relatively secure, IT-Harvest Chief Research Analyst Richard Stiennon told LinuxInsider.
"To date, I haven't seen any sign of targeting [Firefox]," he said.
Mozilla's open source code, which allows both good guys and bad guys to search out holes, has proven to be an advantage rather than a security liability for Firefox, Stiennon said.
"The more we hear about things Microsoft is doing now in the security space, we realize how great it is to have total transparency in the code," he remarked.