Security firm Secunia is reporting two “extremely critical” flaws in Mozilla’s Firefox. The vulnerabilities can be exploited by malicious people who wish to take control of victims’ computers.
The Mozilla Foundation is aware of the two flaws. The organization said there are currently no known active exploits of these vulnerabilities, although a “proof of concept” has been reported. Mozilla said changes to its update Web service have been made to mitigate the risk of an exploit.
“Mozilla is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update,” said Mozilla executives in a security alert.
Bombs are Falling
Jupiter Research analyst Joe Wilcox told LinuxInsider that there will always be flaws in software, and that arguments about why hackers target certain browsers are ongoing. The true test is how effectively open source responds to the threats compared to its commercial counterparts.
“It’s a non-issue whether or not Microsoft is a larger target than Mozilla,” Wilcox said. “The point isn’t why your city is getting bombed instead of someone else’s. It’s what do you do about your city getting bombed. During World War II, Winston Churchill could have talked about how London was a bigger target than New York City. But what would such an argument have meant to Londoners during blackouts?”
A Temporary Fix
Secunia also said a combination of the two vulnerabilities could be exploited to execute arbitrary code. The firm also claims that the exploit code is publicly available. The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.
With the bombs falling on Firefox and the anticipation surrounding Microsoft’s Longhorn beta release this summer, some have wondered whether the popular open-source browser could lose its momentum.
Wilcox doesn’t think so. “There are plenty of people using Internet Explorer despite security flaws,” he said. “So if you use that as a metaphor for Firefox, then the increase of the flaws may not have an immediate impact.”