Critical flaws found in Firefox from the BBC

Firefox has just celebrated its 50 millionth download
The Mozilla Foundation has said it is "working aggressively" to fix two flaws in its open source Firefox browser.
The vulnerabilities, reported on Saturday, were identified as "very critical", but no cases had been reported of them being exploited.

Several security firms identified the flaws which could let websites run malicious code on a person's computer.

Mozilla has responded by changing its update service and says people should temporarily turn off JavaScript code.

Manual downloads

The first flaw reported fools the browser into thinking software is being installed by a legitimate, or safe, website.

The second flaw happens when the software installation trigger does not properly check icon web addresses which contain JavaScript code.

A hacker could potentially take advantage of the security flaws to secretly launch malicious code or programs.

Mozilla advised people to download add-ons to its software manually from the Foundation's site.

Danish security firm Secunia said called the flaws "extremely critical" because cookie and history information could be used to get access to personal information or gain access to sites previously visited.

The Mozilla Foundation, which developed the browser, said it was working hard to provide a comprehensive and more permanent fix for the problems.

Main competition

Last week, Firefox celebrated its 50 millionth download since its official launch in November.

Firefox is Microsoft Internet Explorer's (IE) main rival in the browser market. Many like it because it is easily customised, and others say it has fewer security flaws than IE.

Being open source means people can adapt the software's core code to create innovative features, such as add-ons, RSS news feed readers, or extensions to the program.

The Mozilla Foundation was set up by former browser maker Netscape in 1998. Netscape dominated the browser market in the early 1990s.

Microsoft releases its next-generation IE7 later this year which promises to be more secure.

Another linky:

http://story.news.yahoo.com/news?tmpl=story&cid=1093&e=5&u=/pcworld/120756

Did they fix this yet? I (heart) Firefox.

Did they fix this yet? I (heart) Firefox.

Yep. Version 1.0.4 is out! :D

heh 1.0.3 and then 1.0.4 in a matter of not too long between versions. Nice!

I am having a Firefox issue, which is driving me insane. I'll post about it in a bit.

Just installed version 1.0.4 on all three of my computers.

Firefox doesn't get attacked as often as Windows simply because more people have Windows so more attacks are written for it. In actuallity I would expect about the same amount of flaws in both. On the other hand, since Windows has so many testers- I mean users- they should be more aware of problems and hopefully better able to fix them. Hopefully.

Updated News:

Firefox's flaws fixed in upgrade

Firefox has just celebrated its 50 millionth download
The Mozilla Foundation, maker of the open source web browser Firefox, has released a security patch to plug two critical security flaws in the browser.
The flaws were found last week by net security experts. Danish firm, Secunia, called them "extremely critical".

Mozilla has now recommended people upgrade to the latest version, Firefox 1.0.4, which is a security update.

Firefox is Microsoft Internet Explorer's (IE) main rival. IE has dominated the browser market.

But many have switched to Firefox because, so far, it has had fewer security flaws than IE and is more customisable.

Although the vulnerabilities, reported on Saturday, had been identified no cases had been reported of them being exploited.

Secunia said they were "extremely critical" because they could have let cookie and history information be used to get access to personal information or access previously visited sites.

The first flaw reported fooled the browser into thinking software was being installed by a legitimate, or safe, website.

The second was related to the software installation trigger which was not able to properly check icon web addresses which contain JavaScript code.

Potentially, a hacker could have taken advantage of the security flaws to secretly launch malicious code or programs.

Chipping away

Firefox has had more than 50 million downloads since its formal launch in November 2004.

Since then, it has chipped away at IE's dominance, but there are signs that its take-up is slowing down, according to recent figures.

IE fell a percentage in its share of the browser market, net monitoring company WebSideStory said on Tuesday.

Microsoft's browser now has a 88.9% share, while Firefox's share has risen just over a point to 6.8%. Previously, IE dominated more than 95% of the browser market.

But Microsoft is set to release another, more secure, version of IE in the summer.

The Mozilla Foundation was set up by former browser maker Netscape in 1998. Netscape dominated the browser market in the early 1990s.

Firefox doesn't get attacked as often as Windows simply because more people have Windows so more attacks are written for it.
Or it might possibly be, so many attacks are written for Windows (or IE) because it's so easy to do.