Page 2

By Matthew Hicks  |  Posted 2004-07-30 Print this article Print

Meanwhile, Mozilla said this week that it is working to fix two security vulnerabilities that affects all of its Web browsers, both its namesake suite and the stand-alone Firefox browser. Both vulnerabilities relate to the handling of security certificates, said Chris Hofmann, director of engineering for the Mountain View, Calif., foundation. Mozilla earlier this month patched a separate browser security issue. Click here to read more.
The first vulnerability could allow an attacker to point a user to a malicious Web site where the content appears similar to a trusted site, such as a bank site, while using the security certificate from the trusted site, Hofmann said. It could give users a false sense of security.
The second problem could entice a user to accept a malicious certificate that would corrupt a users other certificates, Hofmann said. Hofmann said he knows of no active exploits of the vulnerabilities, and security researchers have rated the flaws as moderate risks. "Were just trying to stay ahead," Hofmann said. "A number of small issues can pile up and be used to construct a more extensive exploit." Mozilla plans to issue a fix next week for the security flaws, either by issuing updates for both browsers or by releasing a security patch, Hofmann said. eWEEK Labs Jim Rapoza says Mozilla is thriving in its comeback. Read why. Netscape 7.2 would presumably incorporate the fixes as well, but neither Mozilla nor AOL officials could confirm whether the updated Netscape browser would include the security patches. Check out eWEEK.coms Enterprise Applications Center at for the latest news, reviews and analysis about productivity and business solutions.

Be sure to add our enterprise applications news feed to your RSS newsreader or My Yahoo page

Matthew Hicks As an online reporter for, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel