This week in security

Multiple vulnerabilities that could allow an attacker to install malicious code or steal personal data have been discovered in the Mozilla Suite and the Firefox browser.

Ian Latter, senior security consultant at Internet security specialist Pure Hacking, said that most of the vulnerabilities are based on the way the applications handle JavaScript. Another issue could allow malicious scripts to gain access to random pieces of memory, he said.

As security bugs swarm around the Firefox browser, volunteer marketers want to shore up the open-source project's security message. While the Mozilla Foundation made patches available for significant new security holes, Firefox partisans finally acknowledged that the core sales pitch for their browser may be vulnerable.

"The versions of Firefox up to version 1.0.3 have had terrible security risks," wrote one participant for the volunteer Firefox promotion, Spread Firefox. "I think these security risks have undermined the promise of Firefox as a more secure browser."

A flaw in McAfee Internet Security Suite 2005 could let employees sharing the same computer break into one another's files, according to security consultant iDefense. The vulnerability, which exists in the default settings applied during installation, gives anyone the same access rights on a PC as an IT administrator.

That, in effect, would let someone remove any restricted access specified on a PC. It could also let an employee install software prohibited by his employer. An employee who shares a computer with co-workers, for example, could then access colleagues' files or install programs such as peer-to-peer software on the machine.