Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


More Security Holes Found in Firefox



 By: Paul F. Roberts
2005-09-23
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Symantec reports that 18 high-severity vulnerabilities were reported for the Mozilla browser in the first half of 2005, 10 more than reported for IE.

The latest security holes found in the popular alternative Web browser Firefox raises yet more questions about its vulnerability. Security experts warned of nine security holes and posted an example of dangerous exploit code affecting the browser.

FrSIRT (French Security Incident Response Team) issued an advisory Thursday for users of the Mozilla Foundations Firefox browser and Mozilla, just days after the Mozilla Foundation issued the latest in a series of patches for Firefox that plugged the holes.

Firefox security holes fixed. Click here to read more.

Internet Explorer controlled more than 95 percent of the Web browser market at one point, but has steadily lost ground to Firefox in recent months to take advantage of innovative features such as tabbed Web browsing, and because it was believed to be more secure than Internet Explorer. Firefox Version 1.0 was released in November, 2004, and has been downloaded more than 90 million times, according to the Mozilla Foundation.

The browser owned seven percent of the Web browser market in May, according to WebSideStory Inc. of San Diego, Calif., which makes marketing applications. The Mozilla Foundation has issued a number of fixes for its products in recent months, including security updates in October, February, March, two in May, July, and September.

Last week, Symantec Corp. said in its semi-annual Internet Threat Report that the 18 high-severity vulnerabilities reported for the Mozilla browsers in the first half of 2005 was a worse showing than that of Internet Explorer, for which eight high severity holes were found during the same period.

However, the increase in holes and the availability of exploit code havent yet turned into widespread attacks on Firefox browsers, said Johannes Ullrich , chief technology officer of The SANS Institutes ISC (Internet Storm Center).

Resource Library:
Firefox gets another security makeover. Click here to read more.

ISC has not seen evidence of Web based attacks targeting Firefox, though it has collected anecdotal evidence of such attacks, such as Mozilla browsers crashing or acting funny when they visit a Web page, Ullrich said.

Still, the lions share of the attacks on the Web target Internet Explorer, often by targeting vulnerabilities, like a flaw in the way IE handles the IFRAME HTML tag, which Microsoft has patched, he said.

However, the Mozilla exploit code released this week is powerful enough that attackers could soon begin programming Firefox and Mozilla browser attacks to run alongside IE attacks, Ullrich said.

"The exploit provides full, user mode access to vulnerable systems," he said. Attackers use such attacks to take control of vulnerable systems and plant keyloggers, backdoor "Trojan horse" programs, or remote control "bot" programs, he said. Firefox users are advised to download and install the latest patches: Version 1.0.7, or 1.7.12 of the Mozilla Suite, from the Mozilla foundation Web site.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: More Security Holes Found in Firefox
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}r8s;iW1ŋ:dK.kڶ<<ջ $)CRս~fMZڳ[(["2H$|Aȹ3&9)ٝ O,zIj|݇PBezAUM JԶO7RM3ة /4w7vGlJ AT{j xL5uI]ٚc7h2)Xm$(kzZC'AjZw$6(GJ{8KE!@׶#շ(>rP ߩUaNé-}!*{>$J%hGQu a};/ !X]D4!ڮq 4]b'*cO^3j `㥨 aP`\9t} ^- G&lw"ScO$ӡNfI%p/0Q#@ڮSTHfFԲ;o tG ob=uק&Y! bS 3MuN_FBS Ig%KaW)Kk0~b[4I܃N8CEnOU[۾twgyHfnrt9a&ԃ C(p}=\'BL|:/Eӝfؖq[th(푦ZMQJʁp,^/[,\hӟoz_{JE4E9]vή $(֝[p miu]+i0n{'q@α{A~$?Fj}&KDeR)i& 0h!5&tt<_B^,9@FI?nn9?(ivdڑf1{Pd!XI#/YTU9@f9-Ҿ췯;6OΎ;Sdo̲1<jUӀ* ~Jw3B~ V7ke{#kj{ _ܙOtHM Wh:s0N[_lxmuH0kh`cRV> ?'/Wm2 ᭫ORdt"˭~qN X-t[ۗRH }c-? ,_0f k$LJsi)":u P;|sNm҄& 9B:%ϙuW/7>hr ^@e)#8?݇IhJq䨉kYSl؅ R揇4eOՋ,}Et"Aͩ8 .+J!bN3E !\J!=! g|8Jn.b? [&Ǩfuٜ҅%]WeLQcL\zfuEzW^?]{6LqJjhX.B2iKB0qkꛛZrϏR}xQ9PߢW, FKP̶#ؠe)u{yNNR'})5ٴ>'4}t>'჎$>h&ƋCriYnL,rӇtw4AN{ݧn]=&tfo/*Abχ& ahMi F#m &>vl 8d $(s>w[L,)0( JC=ˋF0P6 = 2/?>aCxwݐ,P}@=XS9;ݲeǀԜ:r%Ea1CDȧ$D!-i]R@Az8 -,rr<  #!be6ODs@PGҹ;vjPG;7 {TKh!+K@fsfd(4{~4 cbB|#'fXr`Y \d+|i)lb ը6؛ʑTj鈦 2,XCtH{!4ӇiЈ4XĽǦ笳5SN`cܒn̜07ÚL ~Dg詅m>`T4fs)wdmrn)\Лvs9n$!+xWY 2gdRUyqtʝ+PXY3n2>=MJ=""ǰ@7Z`N)^HISНj!D9z٧l)s-$֒eۏRumb$l =Ұ.Z.!d[}aa6E]Q^RKHD@CR)ҵ ҊaY^`(tM̆ТAچxTSku  XTM.r_`}dҶjeMѪ٫ X3ld tAqFAݔ`@ELl5TW)թz@4}&/H{{L-ϐ‡rf>G) z7HhТ0T]2akRhjMMaf(0q |0b=9ߟ{8[=z,.K i{y]ؕ.R\|znN >0z4'Z>pd`/R=:uouj)ՃI ,䧒RVJ~&[b"ud\6˰@eִ &;rm۽' zfdݙ(yRrf!9֐I4$\* ؕGQ/AY@Y*#܊k Bo` 12l3u/.zr|tݱM% y<_RJ'3?CU^oVRw,"jTUjSCjzVUg7 #SO@X5ǁ;翢7~2Ms`@o(gn-%W'שXT8ᄱe1o0kfW S#S@)ӔgDF(/9 .KTNj siz4_n?9!'3}&mno^D{y<۝ErN?dZIp|avKrekH˷bgfitLeb`l "Z`|i/X`&c1 s*? |l3pڳ`Mɧb_;(Xcփ0 JǸ}3OnyUc6~zzi0bZ`{7=;%(4OQ4rRl2~6P"lֳ>A>qHlw\O//n'U`9H9n7=Rr 2=cte>ugcՏ'8,*z)TʌY_P@hO \ k88ŤD2I*"EeR 8NY XLj{[S?Bւ%V02DB(}ƾnRyQrZ#:j}$>JSOiTj4JRU-+)CoED\v[%/&he~6%Kf?ͥZ5?c DsBx`fKܥ@vܖ[J,]A> Ba u( =6Q;o^!c̞Òf&s,*.ҞIG:-efF*ݔ[YjsVR$gI#cg?fmE:Jb{I2N=ym5umf`<#ɟ?9pw@7|R'o6*];_ 1 4G\0B_==bH%~W9@` |RQ*GrF22@BZNbx<'b{H 'n0wLaV*7oA!RēC$ |Cʍ D;}ZTa&3 111u?|{qiwozՔGP@/I6\S.:;bd~G]ItM?;$%Sv/is0q3љnt/ 39kw><{=kq 4 }U\8$#_>^w?]EcMqr`SR=h3 J@cG$bw}WrzjZˏ5a=;oF"^9 ys)d}=^xGsٖҽNWs5ADHC䄬W!yNFS̠o2XGzz0<㥑a3+"APKվ̂ Ӝ4"Z?N3bn *qZ9ºUXȬE`&|CL($T0r$`$X)XAU:]7G:Ky6P^S(+RJ"4FYO |Zu3_f Rt4zUr:Pע~}##+y-EY-Vyғ;q9z])yLU9$gE_A=?rT%}ݝ:V88FHS p'#9ʼSs`Z/ GW .[ vgNأ&k{?d̎%Ƅ{`sBk4GלO(|si9<3m~`'6"%U/\s")Xf>VAv,x\J|[sF.Z۽uڻue'3 CݿNvA]iNw7UzyZ J~l't:D(jE[e{wC9Ȫ̅S.{R؉~'g#3^q:-: `tH_/lFǵ4/ Z2fP:9G׍[sgcz0[v}U"㛟u?2ie~WJ]݅i}E)]K5"vKJ*IɧyuQZSDD6Kh#iv.R_;+!bi V2&qFL=9bd[~l3e-X6^؋e *[= 6>G| gX6CcB.0%F-@'5xSd^Xғ\SNUA; X.0Id<Nt|>' 2(6^Ҥp wY0FE Tb^Zu*t}h'&aJ??+y&;of1 [9 Cq$e X16jZc鴋FكI썙턷(2&-Ftute 2.yMh4q uGCxWӔ׆.HlX@8X=`[qntT?ۧiUlPT D_p'J|.5_Mv6{,y"ǔgkNg{ٞ2鞲U0[gΓ )&!h 6ÁL\q9T^pa(ӈVxrjp}j<8?n[4Kg=P-`@ KA}u^9(vO;A/jDi ԥ!aJ4˕f S *R"Pq%HWfR4sҩNw =e[ϥrUZ1%haHHx O!q3 IQ,#p+pol^J|@;uIU%>}/ w˶u4TEx6p(/ &oASm:TJhJI M#XDӧl[/iڦ<[z)eYyCEz0E H$]ܯ0̑N]?zSRZVZDr8I8K$ZDШ񌗷״\⚶k$ GF'ɇH4AW^Nm^*JJ9Qxt$OH=ߖ}JEDzaz ZڔC/o  J}3\VTg`$–xfzc )A3^~MWcgP6EMsbm݇=Bz*~S!<ŻDKػD8F6s+@/"zݦn"N ]@f֫.;>?p{N@ŷqi 4Oؠ҆bL--*nsNYZI .Чp͸]_EgH EA0pO-r6GM 9^"nu;5o95lU@6dko1s_v^JxImĆwŶoenZc-p`_iGk(R&:(3u#&^ lW:~{c",̫$}+j1%1Y~GjwOQ5FI^.f(Dt-oqxѴlh 03.N-£EBQo|֊OZYΞCm%<{6ͨ,$tIz iHQ^EO/ :â?"LamLߣ]f-Y (oCu&.>[ya鏩{}D#? K&*5\?ԝBSTC䉯ZH&oD#ঐ_|~xA UM:@+ٝ"=fw|#BbDݵgۼZ-#Ll䏅B/o.He _M!Aa{D0 aB6ķ}MDr viSz@YmӶ,15ve1h}P2D# %17e(=c$pGs8RG5Śx? KE4J-="@Ÿ Rxc) +hWxB,3xczC0jsh*b4KB-'*5}L16P%` Zk^gYr+Șz~b=! c⽷TAN9=S5RUBI U|^?}95hCy?Vz^3!=Vn&+kxzJ2Ko^;C'ܬDMe- ܮǞܐ_mQNa TX:oX9(-^a̷UKphkY\L-WK+ `Q)D$Rx7xo/e5!oI{u >9b١әm]0ډJ r3RmFΝz_a~msι vaeY 'xfVؖUm}qV.R)q2ə莥#zq_/Hk7"Y lgE zJ&Ӆ߃zZ#ZIIhf5J;Y]|_%ƄSO L5! H!YYv' o.'>1Wv/>VHՔGod}extJ"0r[-'iAD阎&}&`Cqrtw%eRS{ٓ{18G_ 6f^zGZQ)MG)*}o cb2zވj8pb XZ`Oh$}b S"uFf!&T) $`mv9'yo_*!lC LGJXȟ]@Sы Q)~B6uE)dY"aK9.gXuh`6zSp%A HSvoQor}S1";9'pp\pr(@KK+2&Bs879}tvnOKZ&9a k(E$cyv]n#BLk43DDc^r {fĔy^:<6tB#+&(?,p֋D {GLƙ;fSZ,Ws҃PyTH"0XJwCS "PF: 1Cx^jJ͍$u~fvK"(3[]ă0>]S(OpW'NC<l8B̑kQ.閣zUQpV#ߛ~Sg8 Xں9P(lkEߢԲQq{sپ\Y10kyl2/*f(H^6/NQʩ`Sg̵,<^;KwE Gcqq^ JwO|?Rf}Y QJNi21Sl۽OֆCyƫx]jy5s·mzfx9n0CP܄qP b>^ Ȥou9@/9B9P~ )By794hsOd})4>sZ_~)4:;B)ureN9_z//Pe}9?ρ]"g|./E|E}/>9/r ϋD3)?Ar/"2g|/A~.s2gnN9 _?r ޿y:z/??}P9g@M^9M@79_zyʛ9rּ…)rq/ 苼 Oy射<)?}VQ<_`kW9t _r̭L_;W'Vz]!,.5PW[k /YSݲIլ 6 }斷ExvY^]Yj7-P/YCIsDgev' AѺ`*O WY6-KaaP$П}xJ'܌3:X';/ii__6W͏mЙM%a]eGӰXS/Us !Qa7Ejorx s)螩z$oF {4"Θ?́a[@R'o6*VZ;_5 #O1Q5YUdF*j堼_,)g /(@#غ7M{%}C7":fȳRLq u+[ %<tl͵YU|y3 aw8c+x;H@0~Y8P&`!؞.F^͆$w `1ǤK4l"Klɜ]k'b"'mgR&Lr*S$W!7qަ@ C!-x uY<X!ꞠW/нtLdp!gB-ҋKl!WPeD˺U{ :~ sf:aKƘS DMKIn_!x@[`{ lg X.42GMDxaw./ ]  ŃI`a\m8ζI8q0>fAZ/`51{51H JxL´k:#hOn3E ~*m :o1I55~ɱ ( V kDF(l#byCܞ0۰܉L -f!)gxp1d`6Nώ;]95 Wuu;25xR Hv2yg!-+00ƚ K:D >`/&?\vRi dl(3/BlKV@U}C 1*{ԟ1rnoz^DbtΆb'O$uI޺fRRΥJu^m }c"1b9?"ㅰx!ZQy|XT ,sD<>K:S3U)ւ_/gзǁ/K{KV9((& ]a1W%$rnR/9"% oPmJ0K`{ ,CR6LN>Nc? `vwj9c˖) Mm+#84">ܼlQF޺%qm.; +C&bz:SAW (9|d@NloMûkmj_ԕU`7g#~*3VœA>p8C3`ܐ}olI C_x r:Y W96J3-  `ꎈM6iZDR*,Dl'f , ~sf㿶 (@P W91"uz ?;<v;fC &+_2uE>v/-ǬJ~S.u 7tle @J@ D\,)^`y%K@44{WG5-E6<]܈x~{ݾŀ gkOUx.XURM)X7lBTFM¶":qpxm;}k{&*l+k[ȅnTxI;s__@>{zw1G[0rczzwY=W ɴ{%̅2 !ɴZxyU~ҥN.I,g`aQd+$*)ؐ kpʜ"@a)5BLN7 S 3pRaL $b[и{]9,MclRc9afr[W`0Z.<',(`,{fٵBZKGnrmm{ )60Ä "5roq=}eיJ؍pKg8g!(X^ZLT/>%h2b5g_yfϸȅ^`\YG7^y{b`!˾tڼ9!3M*`΢gGί>!2T!6xvYpEI{şy˖UQ- Q{jgA0}U\~LWzvC&ȕ/g2F#|oUAYf]*Z5Nj|ӷۊ#iQg8&rYOZiKmw>8n~뉘h6JM? ۔̡9MR"Zi/!zR<>էr09d֊V&|&Z2cˤ_ l_2Q7\)