Recently, there has been some reports in the press that suggest there could be a security hole in the new version of Mozilla's Firefox. But nobody seems to know for sure if the flaw is exploitable or not.
Nevertheless, some are very concerned that it is, and this is what has some participants in the Internet security industry concerned.
Mozilla's new version of Firefox, v. 3.5.1, and available only on July 13 in rapid response to an unpatched vulnerability discovered days earlier, is in turn vulnerable to a new bug involving the handling of very long Unicode strings.
Some reports by security researchers at the Internet Storm Center suggest the security hole might lend itself to some malware code injection.
Worse, proof of concept code has already been published! Proof of concept simply means a development that normally reduces the odds on whether hacking attacks might follow through or not.
But Mozilla has already published an advisory yesterday, stating the unpatched security vulnerability only poses a minimal cross-platform browser crash risk... (!)
That's it?
For its part, Mozilla is now saying "while these strings can result in crashes of some versions of Firefox, the reports by press and various security agencies have incorrectly indicated that this is an exploitable bug. Our analysis indicates that it is not, and we have seen no example of exploitability."
To say the very least, this is very disturbing news, coming from an organization that claims to offer a much safer browser than most of its competitors.
With today's news everywhere on Cloud Computing and the great multitude Internet-based delivery of IT services in just about any field you can imagine, the Internet browser is often the only 'line of defense' between the outside world and some user's computers, since there are still many of them running without a firewall or similar adequate protection.
There's no question that Mozilla needs to beef up the security of Firefox if it still wants to call itself the 'safer browser'.
No comments:
Post a Comment