Critical flaws found in Firefox
Lardy
12-05-2005, 12:13 PM
The Mozilla Foundation has said it is "working aggressively" to fix two flaws in its open source Firefox browser.
The vulnerabilities, reported on Saturday, were identified as "very critical", but no cases had been reported of them being exploited.
Several security firms identified the flaws which could let websites run malicious code on a person's computer.
Mozilla has responded by changing its update service and says people should temporarily turn off JavaScript code.
Manual downloads
The first flaw reported fools the browser into thinking software is being installed by a legitimate, or safe, website.
The second flaw happens when the software installation trigger does not properly check icon web addresses which contain JavaScript code.
A hacker could potentially take advantage of the security flaws to secretly launch malicious code or programs.
Mozilla advised people to download add-ons to its software manually from the Foundation's site.
Danish security firm Secunia called the flaws "extremely critical" because cookie and history information could be used to get access to personal information or gain access to sites previously visited.
The Mozilla Foundation, which developed the browser, said it was working hard to provide a comprehensive and more permanent fix for the problems.
Main competition
Last week, Firefox celebrated its 50 millionth download since its official launch in November.
Firefox is Microsoft Internet Explorer's (IE) main rival in the browser market. Many like it because it is easily customised, and others say it has fewer security flaws than IE.
Being open source means people can adapt the software's core code to create innovative features, such as add-ons, RSS news feed readers, or extensions to the program.
The Mozilla Foundation was set up by former browser maker Netscape in 1998. Netscape dominated the browser market in the early 1990s.
Microsoft releases its next-generation IE7 later this year which promises to be more secure.
Lardy
12-05-2005, 12:15 PM
1.04 is out and fixes this I am told.
Xepha
12-05-2005, 06:17 PM
More secure my butt! Everything has vulnerabilities...
:roll:
Juan90
12-05-2005, 06:51 PM
even bunnies.... :?
Flash
13-05-2005, 07:13 AM
Yep, everything has vulnerabilities because it's written by humans and has other humans trying to break it.
But, the really great point here is that when a bug is discovered in Firefox - IT IS NEWS! When something like this is discovered in IE, it's added to the list and will be fixed maybe six months later, maybe a year later when the next patch is released. Most users won't even hear about it.
Also, being a particularly dark and cynical person, I would not be surprised if a certain software company based in Redmond who are losing market share to Firefox, were employing a number of people to actively search for bugs/problems and then make sure the world knew. If I were a large software corporation with a history of dodgy moralistic business practices, I'd be doing that!
BullDog
13-05-2005, 08:15 AM
lol flash and spot on matey.
I doubted FF for a long time but must say it's a superb programme.
The auto pop up blocker alone is worth a download and it works 95-98% of the time - some popups are just too determined to get thru'.
Lardy
13-05-2005, 09:55 AM
I think Xepha's comment related to the last line of my first post, he was I believe referring to IE7.
Headshot
13-05-2005, 04:07 PM
even bunnies.... :?
Let's feed this spambunny lots of junk food, so we can roast him spammy butt on Christmas :twisted:
Xepha
13-05-2005, 07:24 PM
I think Xepha's comment related to the last line of my first post, he was I believe referring to IE7.
Not quite... ;)
It just so happens that I don't like firefox very much. :twisted:
It has potential to be a great browser, but in the past people have touted it as being better than IE, for many reasons, but mostly security. This is clearly not the case. Everything has vulnerabilities. They are found, they are patched so before anyone starts, let's not get into a debate about which is more secure. :P
Properly configured and with a firewall and web proxy in place, I have never had a problem with IE. So I don't know what all the fuss is about... I may come back to Firefox in the future - when it's finished...
Internet Explorer Forever! :twisted:
P.S. I hope that doesn't come across as ranting, I just wanted to explain what I meant. :)
Lardy
13-05-2005, 07:28 PM
fair enough :)
I couldn't live without tabs now though
Flash
13-05-2005, 08:57 PM
All down to personal taste, but even if you throw the security aspect away (although FF's fix-rate for discovered bugs is hundreds of times faster than IE's could ever be due to the way it's maintained and released)...
I love Firefox's usability. Out of the box it's good - tabbed browser, adblocker, popup blocker, all very lovely things.
But! Add some extensions to realise the full value of Firefox.
Some of my faves:
Linky - Drag and select a bunch of links, right click, open them all in tabs. Or open all links on that page in tabs or new windows, OR download all links as files. Awesome for thumbnail or gallery style pages.
Session Saver - A copy of Opera's great widget that restores all the tabs and sites you had open when you closed it before, or if it crashed.
Stumbleupon - Also avail for IE, but such a great timewaster I've got to mention it.
ForecastFox - I have local 5 day weather forecasts in my toolbar. :)
If you're a web developer there are a bunch of great tools that make things much much easier and faster.
Switchproxy - Anonymous browsing easily...
I think Firefox has kickstarted a huge re-interest in how the web is used. By allowing an easy interface for user extensions it's harnessed the imagination of thousands of people who, because it's open source, are willing to work for nothing for a great product. And by improving an open source product you're not lining somebody else's pockets like if you were adding features to IE, even IF it had an extension system.
There are many many reasons to use Firefox beyond the "it's more secure than IE" (which it is without doubt). IE can be made reasonably secure, but you're always further behind publicised exploits than a faster reacting dev/release product.
Davis
13-05-2005, 10:50 PM
I once thought I'd compare Internet Explorer and Firefox on security when I stumbled across a dodgy site. On Firefox I got a virus on clicking a link within the site, on IE I got one simply upon entering the site in the first place 8O as well as the before mentioned virus by clicking the link. Not much of a test but it convinced me. I'd be lost now without tabbed browsing, not to mention pop ups, and basically you can do what you like with it
Vendor
14-05-2005, 08:45 AM
And remember, Internet Explorer is brought to you by these people:
http://www.msn.co.uk/thoughtthieves/
Check out section 7 on the official entry form for extra giggles.
vitriol
15-05-2005, 11:32 AM
Because FF is becoming increasingly popular, it would make sense that more bugs in the code are found. However the last 2 "bugs" were squatted within days of being found. Microsoft ain't that quick are they?
Xepha
17-05-2005, 07:39 PM
http://googlefight.com/index.php?lang=en_GB&word1=%22internet+explorer%22&word2=firefox
"internet explorer" 93,000,000 results
firefox 50,000,000 results
No contest! :twisted:
:lol:
Shado
17-05-2005, 10:32 PM
Davis is correct in noting that Internet Explorer will allow nasty code to be installed "silently". If his anti virus software had not been up to the job he would have been in serious trouble. FF always asks before anything can be installed. As Firefox is open source, there is a worldwide community of programmers working on its development. This results in bugs/faults and exploits being resolved quickly. This problem in FF was resolved in under a week. On the other hand Microsoft only release their patches on "hotfix day" (the second Tuesday of every month) so it could be four weeks if you are unlucky and by then the hackers will already have code out there to attack the vulnerability. Unfortunately Microsoft are not that quick, it is currently taking them about 6 months to release patches for their faults. Hopefully everyone reading this has a legit copy of XP and has SP2 installed. For Windows users that have an unpatched version of XP things are pretty scary indeed.
~Shad
Flash
18-05-2005, 08:35 AM
[09:29] <Flash_> !googlefight "Internet explorer, the browser of evil" Firefox
[09:29] Pengbot> GoogleFight: Winner: Firefox (61 100 000 hits), loser: Internet explorer, the browser of evil (623 000 hits)
Davis
18-05-2005, 10:58 AM
That's what I was trying to say shad :lol: