[ insider_reports_insider ]
Mozilla Sees Little Risk In Firefox 3 Flaw
David Utter
Staff Writer
2008-06-20
 Insider Reports RSS Feed
A vulnerability affecting both the latest version of the Firefox browser as well as the previous one, Firefox 2, poses minimal concerns for users according to Mozilla.
 | | Mozilla Sees Little Risk In Firefox 3 Flaw |  |
Mozilla security director Window Snyder confirmed the flaw, which poses a remote code execution threat. On the Mozilla Security blog, Snyder said they are investigating the issue.
"To protect our users, the details of the issue will remain closed until a patch is made available," Snyder said. "There is no public exploit, the details are private, and so the current risk to users is minimal."
A report from TippingPoint cited a flaw that had been privately reported to them through the Zero Day Initiative program. TippingPoint acquired the vulnerability from the researcher, and provided its details to Mozilla.
The security flaw requires user interaction, such as clicking on a malicious link. If people avoid risky behavior like this, the problem poses little threat.
Plenty of people picked up Firefox 3 upon its debut on June 17. Mozilla hyped the arrival as Firefox Download Day, where they sought and apparently achieved a world record number of downloads in a 24-hour period.
The event proved attractive to at least one vulnerability writer, with the flaw that was created gaining public awareness a few hours after the downloading started. As TippingPoint credited Mozilla's record of quickly responding to security concerns, we also believe Snyder and company will have a patch available soon for this problem.
View All Articles by David Utter
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
