Read up on the latest ideas and technologies from companies that sell hardware, software and services. Optimized Back-up and Recovery for VMWare for VMWare Infrastructure with EMC Avamar
Web Security SaaS: The Next Generation of Web Security
Enterprise Wireless WLAN Security
CRM your salespeople will love
Vendor Influence Curves And How You Can Get The Best Value Out Of Your Network
Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Revolutionising Back-up and Recovery
Why Security SaaS Makes Sense Today
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
Only hours after Mozilla launched the final of Firefox 3.0, a researcher sold a critical vulnerability in the browser to TippingPoint's bug bounty program, the security company acknowledged Wedesday.
The bug has been reported to Mozilla, TippingPoint announced in a post to a company blog. "While Mozilla is working on a fix, we won't be divulging anything else until a patch is available," said TippingPoint, citing policy. "Once the issue is patched, we'll be publishing an advisory."
The Austin, Tex.-based security vendor operates the Zero Day Initiative (ZDI), one of two prominent vulnerability purchasing programs, and regularly buys bugs from independent researchers, then reports the flaws to the appropriate vendor. It's perhaps best known for sponsoring an annual hacking contest, in which researchers try to break into stock Windows, Mac OS X or Linux laptops, at the annual CanSecWest security conference.
TippingPoint released little information about the Firefox bug other than to confirm that it affects the new Firefox 3.0 as well as older 2.0 versions. TippingPoint classified the vulnerability as "critical" and said it could be used to execute remote code. There is one caveat, however, said TippingPoint. "Not unlike most browser-based vulnerabilities that we see these days, user interaction is required, such as clicking on a link in e-mail or visiting a malicious Web page."
The company didn't hint whether the vulnerability was present in all editions of Firefox 3.0, or was specific to one operating system. However, it hinted that a patch might come quickly. "Working with Mozilla on past security issues, we've found them to have a good track record and expect a reasonable turnaround on this issue as well," said TippingPoint.
Mozilla regularly touts its patch speed when it defends its security record. Last January, for instance, Window Snyder, the open-source vendor's chief security executive, rebutted a news report that claimed Firefox was less secure than Microsoft's Internet Explorer by noting that Mozilla patches faster than Microsoft. "At Mozilla we work as hard as we can to ship fixes as soon as possible to minimize the exposure to our users," she said then in a post to the company's security blog.
Mozilla was not available late Wednesday for comment or to answer questions.
Firefox 3.0, released Tuesday, was downloaded more than 8.3 million times in its first 24 hours of availability.
(Read Firefox 3.0 review here).
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
F-Secure achieves excellent results in Internet security suite comparison 2008-10-10 14:37:00+10
M2M Connectivity announces the new Sierra Wireless MC8792V embedded module for 900 MHz 3G/HSPA networks 2008-10-10 08:51:00+10
Pitney Bowes MapInfo Launches New Version of AnySite 2008-10-10 05:58:00+10
IOGEAR Gears Up in Australia 2008-10-09 20:18:00+10
Internet Service Providers offer new unlimited Online Backup from F-Secure 2008-10-09 19:42:00+10
How to Beef Up Your Sales Pipeline
Our economy may be heading towards a recession. Sales rates are dropping. Promotional campaigns are proving less effective than you would like. So how do you continue to grow your business and bring home the sales in such an environment? Download this white paper now to find the answers.
