Germany Tells Firefox 3.6 Users to Switch Browsers
The German government has advised users to ditch Mozilla's Firefox browser until a security vulnerability is fixed.
The advisory was issued March 19 by
Legerov's exploit can be used to trigger a heap corruption vulnerability and can potentially allow an attacker to execute arbitrary code. The attack works against Mozilla Firefox 3.6, the most current version of the browser, but does not affect earlier versions, according to Mozilla.
Earlier this year,
"Switching your Web browser willy-nilly as each new unpatched security hole is revealed could cause more problems than it's worth," blogged Sophos Senior Technology Consultant Graham Cluley. "For instance, imagine how much training some users will require to switch from one browser to another. And it's worth bearing in mind - what are you going to do when your replacement browser itself turns out to contain a vulnerability? Are you going to switch yet again?"
Mozilla told eWEEK that it is aware of the German government's advisory and is accelerating the release of Firefox 3.6.2, which will contain the fix. Originally, version 3.6.2 was slated to be released March 30. The release candidate for the browser already contains the fix and can be downloaded here.
Thunderbird and SeaMonkey are based on earlier versions of the browser engine and are not affected, according to Mozilla.
*This story was updated to add a comment from Mozilla.