The Mozilla Foundation issued a patch Wednesday for a previously undisclosed hole in its popular Firefox Web browser and is encouraging Firefox users to download the software update as soon as possible.
The nonprofit organization released Firefox 1.0.2 to fix a buffer overflow vulnerability in a Firefox feature for processing GIF (Graphics Interchange Format) image files. The patch is the second security patch issued in less than a month, but the foundation reassured users that the browser's open source platform is secure, and said it does not know of any active exploits for the hole.
The GIF processing hole was discovered by Internet Security Systems (ISS) and makes Firefox users who are running earlier versions of the browser vulnerable to buffer overflow attack, according to a statement released by the Mozilla Foundation.
ISS discovered the hole in a review of the Firefox source code, which is available on the Internet.
In a statement attributed to Chris Hofmann, the foundation's director of engineering, the discovery of the hole and release of a patch shortly after are evidence that the open source software model is safer and more secure than closed-source commercial code, because it is "scoured by thousands" of contributors, developers and professionals, and "not just the company's development team."
In February, the Mozilla Foundation released Firefox 1.0.1 to fix 17 security vulnerabilities in Firefox, including changes to guard against spoofing of Web addresses and the security indicator on Web sites. However, the foundation is not planning to adopt a regular patch release cycle, which Microsoft Corp. uses, and will continue to issue updates as they are needed, Hofmann said in a statement.
Firefox has been gaining in popularity since the first full version of the browser was released in November. More than 27 million copies of Firefox have been downloaded since then, pushing Microsoft's Internet Explorer (IE) share of the browser market below 90 percent for the first time in years.
Firefox installations were 5.7 percent of the U.S. browser market as of Feb. 18. IE controlled 89.9 percent, according to statistics released by Web tracking company WebSideStory.
However, Hofmann denied that Firefox is becoming a more attractive candidate for hackers as it gains market share.
"There is this idea that market share alone will make you have more vulnerabilities. It is not relational at all. Not being in the operating system and not supporting Microsoft's proprietary Active X are phenomenal advantages to us," he said in a statement.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Gaining Competitive Advantage Through Enterprise Planning
Refresh your AUP: Top tips to ensure your acceptable use policy is fit for purpose
Everything you need to know about email and web security (but were afraid to ask)
The state of Middleware
Email Archiving 101—Customer Case Study
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
Achieving the impossible: Unlimited application scalability
Taking On Demand CRM Integration to the Next Level
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
FrontRange Solutions eases software license management with new License Manager 3.0 2008-12-03 14:56:00+11
Progress Software's Cure for Managing Services-based Applications 2008-12-03 14:42:00+11
S3 Graphics Unleashes Full OpenGL® 3.0 API Support with Beta Driver for Chrome 500 Series GPUs 2008-12-03 14:08:00+11
Informatica Powercenter added to Nec Infoframe Solution Suite 2008-12-03 11:36:00+11
Making the Business Case for IT Consolidation
IT executives face the need to improve service delivery with limited resource increases. Two common strategies for achieving this are network and systems management tools and datacenter consolidation. Read on to discover how you can make a strong business case for IT Consolidation.
Buying Guides
Latest Products
Buying Guides
