Mozilla users urged to upgrade

Users have been urged to upgrade to the latest versions of Mozilla's software to protect themselves from a series of critical security holes.

The U.S. Computer Emergency Readiness Team warned on Monday that earlier versions of Firefox, and other Mozilla software based on Firefox code, contain a clutch of vulnerabilities that expose users to attack.

The Mozilla Foundation released a new version of Firefox last week, version 1.5.0.2, which it said contained fixes for several security flaws.

According to security firm Secunia, there are a total of 21 flaws in the older versions of Firefox, such as Firefox 1.5, some of which it described as "highly critical."

US-CERT advises people who use Mozilla's e-mail software, Thunderbird, and the Internet application suite Seamonkey to also upgrade to the latest versions (Thunderbird 1.5 and Seamonkey 1.0.1). US-CERT warned that any other products based on older Mozilla components, particularly the Gecko rendering engine, may also be affected.

Firefox has traditionally been seen as being more secure than other Web browsers such as Microsoft's Internet Explorer. This is thought to be the first time that multiple vulnerabilities have been reported in Firefox and the Mozilla suite.

Secunia warned that hackers could exploit the security holes to gain control of computer systems, conduct phishing attacks and bypass security restrictions.

One error that occurs in Firefox would allow arbitrary JavaScript code to be injected into Web pages as they load.

The vulnerabilities were discovered by Mozilla researchers, including Bernd Mielke, Alden D'Souza and Martijn Wargers, as well as by 3Com researchers working on the TippingPoint Zero Day Initiative.

This initiative encourages "responsible disclosure of vulnerabilities" to vendors, to give them time to put out patches before holes are disclosed to the public. TippingPoint started to disclose the holes to Mozilla from December last year.

Tom Espiner of ZDNet UK reported from London.

[julianrodriguez]

Automatic Updates

It's a good thing that from Firefox 1.5 on we have automatic updates.

[okelococnet]

That's not new

Automatic Updates are not a new thing.
Internet Explorer has them since the release of Windows Millenium Edition.
Start > Control Panel > Automatic Updates.
;)

And about browser flaws, I just have to say "nobody's perfect" ;)

[julianrodriguez]

Automatic Updates

It's a good thing that from Firefox 1.5 on we have automatic updates.

[okelococnet]

That's not new

Automatic Updates are not a new thing.
Internet Explorer has them since the release of Windows Millenium Edition.
Start > Control Panel > Automatic Updates.
;)

And about browser flaws, I just have to say "nobody's perfect" ;)

[dahkness]

Not so easy now is it?

Everyone is always so quick to hop on the MS bashing bandwagon, but as you can see, its just not so easy to make an application 100% secure now is it? When something is under the scrutiny of billons of people, even a browser made by The Almighty himself would still be exploited.
It seemed everyone was SOOO quick to talk about how great and secure firefox was back when it was released. Same with mozzilla, netscape, opera, etc. now look at them. Yet another browser thrown ontop of a pile-of-crap browsers.

IE is still the god of web browsing for end-users in Windows. If you cannot figure out how to use it securely and correctly then you should not be infront of a keyboard; Youre slowing down our bandwidth.

[dysonl]

Darkness

Your userid should be "darkness" as you seem to be in total darkness.

No one reasonable is claiming any software as 100% secure. Like I said in another post, it's about how many serious holes a software has and how quickly it's being patched. In that regard, Firefox has the upperhand compared to IE.

Besides, Firefox is lightyears ahead of IE in turn of customization and features. Anyone who makes the laughable claim that IE is the "god of web browsing" should not be in front of a keyboard; you're lowering the average IQ of the web population.

[backgroundnoise]

Not A Strong Argument to Use IE over Firefox

I don't think Firefox users switched from IE because they felt it would be 100% secure. Instead, I think they switched because it is tested to be faster and more reliable than IE, as well as the open source community's involvement and approach to timely security fixes/updates/performance.

[System Tyrant]

Sure it is.

People bash Microsoft because of personal feelings toward Microsoft. Just because Firefox isn't "100% secure" doesn't change the fact that a lot of people don't like Microsoft.

As far as IE being the "god of web browsing". Well, I suppose if you believe that then that's your right. I'm sure a lot of other people feel the same way you do. As for me, I feel like IE6 is a junk browsers. IE7.x shows more promise, but then again so does Opera. I say use what you like.

My only real complaint is that I can build a web page that works fine in Firefox and Opera, but always renders like crap in IE. Fix it for IE and it lessens the effect in Firefox and Opera. My only other real complaint is websites designed to only work in IE. In my opinion those who develop IE only pages are hacks developers or they work for stupid people (since I'm sure most of them do as they are told).

My opinion: IE is crap. Firefox and Opera rock. Remember though that's just my opinion.

[Bill Dautrive]

Dee Dee Dee

IE has 10,000 flaws to every FF flaw.

No software is perfect, but IE is as far as you can get from perfect.

[cranbers]

not for profit vs, for profit

Ok lets put it this way, your web browser is being paid for by every user. It comes with the operating system over 90 percent of all computers users are provided with. How can you compare that to a web browser that was picked up out of the grave and was brought back from the dead, and is now the most inovative fastest growing browser on the net, is contantly being updated and is coming out constantly with new inovative features. I don't think we can say that about IE that MS left for dead, because they won the browser war that was hardly a fair fight to begin with.

[cranbers]

not for profit vs, for profit

Ok lets put it this way, your web browser is being paid for by every user. It comes with the operating system over 90 percent of all computers users are provided with. How can you compare that to a web browser that was picked up out of the grave and was brought back from the dead, and is now the most innovative fastest growing browser on the net, is constantly being updated and is coming out constantly with new innovative features. I don't think we can say that about IE that MS left for dead, because they won the browser war that was hardly a fair fight to begin with. Let's also not forget to mention the developers for IE and Windows most likely make over 6 figures a year. Now does it sound like they are doing their job? I think not. So let's just put it that way.

[dahkness]

Not so easy now is it?

Everyone is always so quick to hop on the MS bashing bandwagon, but as you can see, its just not so easy to make an application 100% secure now is it? When something is under the scrutiny of billons of people, even a browser made by The Almighty himself would still be exploited.
It seemed everyone was SOOO quick to talk about how great and secure firefox was back when it was released. Same with mozzilla, netscape, opera, etc. now look at them. Yet another browser thrown ontop of a pile-of-crap browsers.

IE is still the god of web browsing for end-users in Windows. If you cannot figure out how to use it securely and correctly then you should not be infront of a keyboard; Youre slowing down our bandwidth.

[dysonl]

Darkness

Your userid should be "darkness" as you seem to be in total darkness.

No one reasonable is claiming any software as 100% secure. Like I said in another post, it's about how many serious holes a software has and how quickly it's being patched. In that regard, Firefox has the upperhand compared to IE.

Besides, Firefox is lightyears ahead of IE in turn of customization and features. Anyone who makes the laughable claim that IE is the "god of web browsing" should not be in front of a keyboard; you're lowering the average IQ of the web population.

[backgroundnoise]

Not A Strong Argument to Use IE over Firefox

I don't think Firefox users switched from IE because they felt it would be 100% secure. Instead, I think they switched because it is tested to be faster and more reliable than IE, as well as the open source community's involvement and approach to timely security fixes/updates/performance.

[System Tyrant]

Sure it is.

People bash Microsoft because of personal feelings toward Microsoft. Just because Firefox isn't "100% secure" doesn't change the fact that a lot of people don't like Microsoft.

As far as IE being the "god of web browsing". Well, I suppose if you believe that then that's your right. I'm sure a lot of other people feel the same way you do. As for me, I feel like IE6 is a junk browsers. IE7.x shows more promise, but then again so does Opera. I say use what you like.

My only real complaint is that I can build a web page that works fine in Firefox and Opera, but always renders like crap in IE. Fix it for IE and it lessens the effect in Firefox and Opera. My only other real complaint is websites designed to only work in IE. In my opinion those who develop IE only pages are hacks developers or they work for stupid people (since I'm sure most of them do as they are told).

My opinion: IE is crap. Firefox and Opera rock. Remember though that's just my opinion.

[Bill Dautrive]

Dee Dee Dee

IE has 10,000 flaws to every FF flaw.

No software is perfect, but IE is as far as you can get from perfect.

[cranbers]

not for profit vs, for profit

Ok lets put it this way, your web browser is being paid for by every user. It comes with the operating system over 90 percent of all computers users are provided with. How can you compare that to a web browser that was picked up out of the grave and was brought back from the dead, and is now the most inovative fastest growing browser on the net, is contantly being updated and is coming out constantly with new inovative features. I don't think we can say that about IE that MS left for dead, because they won the browser war that was hardly a fair fight to begin with.

[cranbers]

not for profit vs, for profit

Ok lets put it this way, your web browser is being paid for by every user. It comes with the operating system over 90 percent of all computers users are provided with. How can you compare that to a web browser that was picked up out of the grave and was brought back from the dead, and is now the most innovative fastest growing browser on the net, is constantly being updated and is coming out constantly with new innovative features. I don't think we can say that about IE that MS left for dead, because they won the browser war that was hardly a fair fight to begin with. Let's also not forget to mention the developers for IE and Windows most likely make over 6 figures a year. Now does it sound like they are doing their job? I think not. So let's just put it that way.

[Tanjore]

Cannot trust IE or Firefox

I was using firefox because IE had so many holes. Now firefox seems to have same problems!

[unknown unknown]

RE

You're not going to find any useful software devoid of flaws.

[dillergaff]

trust who ?

months (sometimes years) with known, admitted to, flaws in IE, active exploits

Firefox patches some flaws, then publish what they patched...

a 500k patch in Firefox fixes 20 flaws....

how many hundred megs of patches have been put into IE ?

nuff said

[Dean_Ansari]

Check out Oxygen browser - free of security Holes

Check out Oxygen browser by NetDIVE, it is free of security Holes that plague IE or FireFox:
<a class="jive-link-external" href="http://www.netdive.com/htms/products.htm" target="_newWindow">http://www.netdive.com/htms/products.htm</a>

And it is Free, of cost &#38; advertising.
Also it is very fast because it does not have extras you don't need for web browsing, such as email, IM, etc., which BTW are one of the main reasons IE &#38; FF have so many security holes.

Cheers :)

[dysonl]

You're Simply Naive

It's not about which software doesn't have holes and which does; it's about which has fewer and how quickly holes are being patched.

[dysonl]

You're Simply Naive

It's not about which software doesn't have holes and which does; it's about which has fewer and how quickly holes are being patched.

[Tanjore]

Cannot trust IE or Firefox

I was using firefox because IE had so many holes. Now firefox seems to have same problems!

[unknown unknown]

RE

You're not going to find any useful software devoid of flaws.

[dillergaff]

trust who ?

months (sometimes years) with known, admitted to, flaws in IE, active exploits

Firefox patches some flaws, then publish what they patched...

a 500k patch in Firefox fixes 20 flaws....

how many hundred megs of patches have been put into IE ?

nuff said

[Dean_Ansari]

Check out Oxygen browser - free of security Holes

Check out Oxygen browser by NetDIVE, it is free of security Holes that plague IE or FireFox:
<a class="jive-link-external" href="http://www.netdive.com/htms/products.htm" target="_newWindow">http://www.netdive.com/htms/products.htm</a>

And it is Free, of cost &#38; advertising.
Also it is very fast because it does not have extras you don't need for web browsing, such as email, IM, etc., which BTW are one of the main reasons IE &#38; FF have so many security holes.

Cheers :)

[dysonl]

You're Simply Naive

It's not about which software doesn't have holes and which does; it's about which has fewer and how quickly holes are being patched.

[dysonl]

You're Simply Naive

It's not about which software doesn't have holes and which does; it's about which has fewer and how quickly holes are being patched.

[KsprayDad]

FF is just fine.

I will continue to use FF given that the Moz Foundation does seem to address security issues quicker than MS and I like the ability to tweak with addons that are not spamware toolbars.

I'm not married to FF but until I hear that it is critically worse than IE I'll stick with it.

[john55440]

FF Faster, Better, More Advanced

Security issues aside, Firefox makes Internet Explorer look really backwards.

[KsprayDad]

FF is just fine.

I will continue to use FF given that the Moz Foundation does seem to address security issues quicker than MS and I like the ability to tweak with addons that are not spamware toolbars.

I'm not married to FF but until I hear that it is critically worse than IE I'll stick with it.

[john55440]

FF Faster, Better, More Advanced

Security issues aside, Firefox makes Internet Explorer look really backwards.

[n3td3v]

US-CERT

This is funny. These guys take so long to give out warnings, that if an attacker was going to use the vulnerabilities, systems would be compromised already. Its like that with all their stuff. Something is post on a mailing list, then 6 days later, U-S CERT are telling people about it. And then, we've got ZDNET, reporting on something U-S CERT published on Monday. This is now Wednesday into Thursday now. So, the whole U-S CERT alert infrastructure, from those guys deciding something is a threat, to rolling out their warning to people, and then onto the Media to let the masses know. Its all too long, if there was a real threat, how the internet would be shutdown by now. US-CERT need a big rethink into their public warning system and coordination with the media, if they are to be affective, when really critical attacks become reality. Thanks, n3td3v

[backgroundnoise]

Mighty Morphin Power Rangers?

Maybe we should hand over the responsibilities currently held by the U.S. Computer Emergency Readiness Team to the Mighty Morphin Power Rangers! It seems like they have a better communication structure in place.

[n3td3v]

US-CERT

This is funny. These guys take so long to give out warnings, that if an attacker was going to use the vulnerabilities, systems would be compromised already. Its like that with all their stuff. Something is post on a mailing list, then 6 days later, U-S CERT are telling people about it. And then, we've got ZDNET, reporting on something U-S CERT published on Monday. This is now Wednesday into Thursday now. So, the whole U-S CERT alert infrastructure, from those guys deciding something is a threat, to rolling out their warning to people, and then onto the Media to let the masses know. Its all too long, if there was a real threat, how the internet would be shutdown by now. US-CERT need a big rethink into their public warning system and coordination with the media, if they are to be affective, when really critical attacks become reality. Thanks, n3td3v

[backgroundnoise]

Mighty Morphin Power Rangers?

Maybe we should hand over the responsibilities currently held by the U.S. Computer Emergency Readiness Team to the Mighty Morphin Power Rangers! It seems like they have a better communication structure in place.

[n3td3v]

Secunia

Professional scene ****** at their best. And paying big bucks to spam Full-Disclosure mailing list footer message, just to get some web traffic, for people to read their verification of third party disclosures. These guys have as much credibility as Robert Lemos talking up Matthew Murphy, some college kid who blogs a lot.

[n3td3v]

Secunia

Professional scene ****** at their best. And paying big bucks to spam Full-Disclosure mailing list footer message, just to get some web traffic, for people to read their verification of third party disclosures. These guys have as much credibility as Robert Lemos talking up Matthew Murphy, some college kid who blogs a lot.

[n3td3v]

Secunia

Professional scene ****** at their best. And paying big bucks to spam Full-Disclosure mailing list footer message, just to get some web traffic, for people to read their verification of third party disclosures. These guys have as much credibility as Robert Lemos talking up Matthew Murphy, some college kid who blogs a lot.

[n3td3v]

Secunia

Professional scene ****** at their best. And paying big bucks to spam Full-Disclosure mailing list footer message, just to get some web traffic, for people to read their verification of third party disclosures. These guys have as much credibility as Robert Lemos talking up Matthew Murphy, some college kid who blogs a lot.

[Dean_Ansari]

Check out Oxygen web browser - for security free browsing

Check out Oxygen browser by NetDIVE, it is free of security Holes that plague IE or FireFox:
<a class="jive-link-external" href="http://www.netdive.com/htms/products.htm" target="_newWindow">http://www.netdive.com/htms/products.htm</a>

And it is Free, of cost &#38; advertising.
Also it is very fast because it does not have extras you don't need for web browsing, such as email, IM, etc., which BTW are one of the main reasons IE &#38; FF have so many security holes.

Cheers :)

P.S., Sorry if this message appears Twice. Not sure the system took it 1st time.

[KsprayDad]

Anakooks at work

Another Anakook advert...ah well...

Any FireFox user (which I assume would be the majority of people reading this story) already know about the alternatives out there since they sought this one out in the first place.

Please stop advertising for Anakooky...its unpleasant.

[kathy_torez]

Thank you for oxygen, it really saved my life

Thank you so much for letting us know of Oxygen web browser. And thank you for giving it to the Internet for free. Because otherwise I would not have tried it and found out what a great browser it is. You see I have been having literally a night mare experience with my IE &#38; FireFox. 1st it was my IE that was wrecked by Viruses.
I tried all Spyware &#38; Virus removes, spent days on this and nothing. 2 minutes after launching IE the Spyware &#38; Viruses were back.
I even spent like $300 with geeksoncall who came to my house to fix the problem, but nothing, just a day gone and $300 gone :(

So i was at the end of my wits until i read about Oxgen and downloaded it. Now for the 1st time in months I can surf the web without having my PC attacked by pop up ads and other
strange problems that were really preventing me from accessing the web and getting my work done.
You wont believe how grateful I am to you for this free browser.
THANK YOU - THANK YOU :)

[Dean_Ansari]

Check out Oxygen web browser - for security free browsing

Check out Oxygen browser by NetDIVE, it is free of security Holes that plague IE or FireFox:
<a class="jive-link-external" href="http://www.netdive.com/htms/products.htm" target="_newWindow">http://www.netdive.com/htms/products.htm</a>

And it is Free, of cost &#38; advertising.
Also it is very fast because it does not have extras you don't need for web browsing, such as email, IM, etc., which BTW are one of the main reasons IE &#38; FF have so many security holes.

Cheers :)

P.S., Sorry if this message appears Twice. Not sure the system took it 1st time.

[KsprayDad]

Anakooks at work

Another Anakook advert...ah well...

Any FireFox user (which I assume would be the majority of people reading this story) already know about the alternatives out there since they sought this one out in the first place.

Please stop advertising for Anakooky...its unpleasant.

[kathy_torez]

Thank you for oxygen, it really saved my life

Thank you so much for letting us know of Oxygen web browser. And thank you for giving it to the Internet for free. Because otherwise I would not have tried it and found out what a great browser it is. You see I have been having literally a night mare experience with my IE &#38; FireFox. 1st it was my IE that was wrecked by Viruses.
I tried all Spyware &#38; Virus removes, spent days on this and nothing. 2 minutes after launching IE the Spyware &#38; Viruses were back.
I even spent like $300 with geeksoncall who came to my house to fix the problem, but nothing, just a day gone and $300 gone :(

So i was at the end of my wits until i read about Oxgen and downloaded it. Now for the 1st time in months I can surf the web without having my PC attacked by pop up ads and other
strange problems that were really preventing me from accessing the web and getting my work done.
You wont believe how grateful I am to you for this free browser.
THANK YOU - THANK YOU :)

Apples and Oranges of Open/Closed Source

Firefox = open-source transparency, more bugs discovered and reported.
IE = security through obscurity, more bugs hidden.

Firefox's transparency will ultimately create a far superior product, but not without a whole bunch of yellow journalism along the way. Apparently "Firefox crushing more bugs" isn't a sexy headline.

[aabcdefghij987654321]

Wow! A Non-Microsoft browser security issue

C|Net usually does the 'ol copy/paste of titles like "Microsoft IE security issues disclosed". How many times since the last non-Microsoft browser? 20, 30 times perhaps? Yeah, nothing is perfect. But keep the perspective true.

[aabcdefghij987654321]

Wow! A Non-Microsoft browser security issue

C|Net usually does the 'ol copy/paste of titles like "Microsoft IE security issues disclosed". How many times since the last non-Microsoft browser? 20, 30 times perhaps? Yeah, nothing is perfect. But keep the perspective true.

[aabcdefghij987654321]

Wow! A Non-Microsoft browser security issue

CNet usually does the 'ol copy/paste of titles like "Microsoft IE security issues disclosed". How many times since the last non-Microsoft browser? 20, 30 times perhaps? Yeah, nothing is perfect. But keep the perspective true.

[aabcdefghij987654321]

Wow! A Non-Microsoft browser security issue

CNet usually does the 'ol copy/paste of titles like "Microsoft IE security issues disclosed". How many times since the last non-Microsoft browser? 20, 30 times perhaps? Yeah, nothing is perfect. But keep the perspective true.

[thedreaming]

what's the point?

Firefox has automatic updates and so does windows. When such flaws are found, a fix is issued and is often downloaded and installed automatically. My copy of firefox updated itself so fast, I didn't even have a chance to find out why it updated. Now I know, but it updated itself a week ago and now is when I hear about why it updated?

[thedreaming]

what's the point?

Firefox has automatic updates and so does windows. When such flaws are found, a fix is issued and is often downloaded and installed automatically. My copy of firefox updated itself so fast, I didn't even have a chance to find out why it updated. Now I know, but it updated itself a week ago and now is when I hear about why it updated?

[booboo1243]

Not only that...

Not only that, but you can continue to use the same browser once you migrate to the Macintosh. =)

[backgroundnoise]

You Mean the PC that Runs WinXP?

Do you mean that piece of hardware that will allow me to run WinXP? :)

[KsprayDad]

You mean the one

that just plugged its own java problems?

<a class="jive-link-external" href="http://news.com.com/Apple+issues+Java+security+update/2100-1002_3-6062766.html?tag=nefd.top" target="_newWindow">http://news.com.com/Apple+issues+Java+security+update/2100-1002_3-6062766.html?tag=nefd.top</a>

[booboo1243]

Not only that...

Not only that, but you can continue to use the same browser once you migrate to the Macintosh. =)

[backgroundnoise]

You Mean the PC that Runs WinXP?

Do you mean that piece of hardware that will allow me to run WinXP? :)

[KsprayDad]

You mean the one

that just plugged its own java problems?

<a class="jive-link-external" href="http://news.com.com/Apple+issues+Java+security+update/2100-1002_3-6062766.html?tag=nefd.top" target="_newWindow">http://news.com.com/Apple+issues+Java+security+update/2100-1002_3-6062766.html?tag=nefd.top</a>