The Mozilla Foundation issued a patch Wednesday for a previously undisclosed hole in its popular Firefox Web browser and is encouraging Firefox users to download the software update as soon as possible.
The nonprofit organization released Firefox 1.0.2 to fix a buffer overflow vulnerability in a Firefox feature for processing GIF (Graphics Interchange Format) image files. The patch is the second security patch issued in less than a month, but the foundation reassured users that the browser's open source platform is secure, and said it does not know of any active exploits for the hole.
The GIF processing hole was discovered by Internet Security Systems (ISS) and leaves Firefox users who are running earlier versions of the browser vulnerable to a buffer overflow attack, according to a statement released by the Mozilla Foundation.
ISS discovered the hole in a review of the Firefox source code, which is available on the Internet.
According to a statement attributed to Chris Hofmann, the foundation's director of engineering, the discovery of the hole and the release of a patch shortly afterward are evidence that the open source software model is safer and more secure than closed-source commercial code, because it is "scoured by thousands" of contributors, developers and professionals, and "not just the company's development team."
In February, the Mozilla Foundation released Firefox 1.0.1 to fix 17 security vulnerabilities in Firefox, including changes to guard against spoofing of Web addresses and the security indicator on Web sites. However, the foundation is not planning to adopt a regular patch release cycle, which Microsoft Corp. uses, and will continue to issue updates as they are needed, Hofmann said in a statement.
Firefox has been gaining in popularity since the first full version of the browser was released in November. More than 27 million copies of Firefox have been downloaded since then, pushing Microsoft's Internet Explorer (IE) share of the browser market below 90 percent for the first time in years.
Firefox installations were 5.7 percent of the U.S. browser market as of Feb. 18. IE controlled 89.9 percent, according to statistics released by Web tracking company WebSideStory Inc.
However, Hofmann denied that Firefox is becoming a more attractive candidate for hackers as it gains market share.
"There is this idea that market share alone will make you have more vulnerabilities. It is not relational at all. Not being in the operating system and not supporting Microsoft's proprietary ActiveX are phenomenal advantages to us," he said in a statement.
