banner_default.png

We've Relocated!

We've relocated our office to Sequim, but we're not gone! We welcome you to register with us to access our updated contact information. Also, as a registered user, you'll be able to learn more about our newly-implemented LogMeIn Rescue service, which enables us to solve many computer problems within minutes of your call! Register today!
Firefox Flaws Good for Open Source? PDF Print E-mail
Written by Jason of Enterprise Linux   
Wednesday, 06 April 2005 09:16
The recently discovered security issues in Mozilla Foundation’s Firefox Web browser should not be seen as a problem but rather as an opportunity to show the system works, according to open source advocates. A controversy erupted this week over Firefox security based on a report from the Danish security firm Secunia, which said an error in Firefox could allow hackers to gain sensitive information.

While some software experts question Mozilla’s ability to patch up vulnerabilities in a timely way, others say the whole point of having an open source community is to address problems without having to have developers reside under a single roof. So far, open source software, such as Linux and Firefox, have been marred with fewer hacking episodes, but security professionals point to the fact that open source products are not prominent targets of attack -- yet.

Turn Off

The Firefox vulnerability appears to have been reported last Friday. According to Mozilla’s Bugzilla Web page, it was resolved, although Secunia issued two advisories Tuesday for the Firefox and Mozilla Web browsers.

Secunia’s report says the vulnerability is due to an error in the JavaScript engine that could be used to expose sensitive information. Secunia recommends that users turn off JavaScript support until a patch is distributed. The company provides a test on its Web site for users of the browsers to discern whether the vulnerability affects them.

Open Swarm

Mozilla says it is currently working on an update to its earlier fix. The organization says the vulnerability has not been exploited on the Web. A hacker would have to lure someone to a shady site to successfully exploit the fault. Mozilla also says the threat is not present in Thunderbird, because the application does not run scripts in e-mail.

The publicity surrounding the JavaScript flaw shows “the open source system is working,� said Greg Minchak, director of external affairs and an analyst with the Open Source Industry Alliance.

“Unlike some software companies that sit on vulnerabilities until they get around to them, the open source community swarms to a problem the moment it’s made known,� he pointed out.

Some industry experts have suggested that Mozilla lacks the resources to fix bugs in a timely way, but Minchak disagrees. “Many of the software engineers who work on Firefox and other open source projects are paid employees of companies that want open source software to succeed.�
< Prev   Next >
 

Channel Watch

Shoutbox

suzannah says:
2009-01-01 05:01:39
HAPPY NEW YEAR!!!
Suzannah says:
2008-12-24 20:57:30
And to all a G'nite
Suzannah says:
2008-12-24 20:56:57
Merry Christmas!!
Suzannah says:
2008-12-24 20:56:34
Merry Christmas!!
Tim says:
2008-12-24 00:06:50
Merry Christmas!
I've added some music to the site per the video!

!Warning! JavaScript must be enabled for proper operation.

Who's Online

We have 11 guests online

Repartee

Error Haiku #7

Stay the patient course.
Of little worth is your ire.
The network is down.

Local News

The Forks Forum
The Sequim Gazette
Peninsula Daily News
Peninsula News Network

Local Links

Movie Schedules
Bus Schedules
Weather Reports
Road Conditions
Washington Road Temps
Ferry Schedules