Thursday, January 06, 2005

Security flaws in Firefox & Thunderbird

InfoWorld reports some vulnerabilities in both the Firefox browser and the Thunderbird client. Only older or non-current versions of the software are affected, so if you are running the most current versions, 1.0 for both, you are not at risk.

"Firefox and Thunderbird are affected by less serious problems. The first is a vulnerability in the way they store temporary files -- the files are sometimes stored with predictable names and in a format that allows anyone to read them. This means a local attacker could easily read the contents of another user's attachments or downloads, according to researchers.

"Finally, a Secunia researcher discovered a way of spoofing the names of file downloads in Firefox. A malicious site could use the bug to disguise the true nature of files the user is downloading, or to get information on the presence of specific files on the local system."

While I find it concerning on one hand that folks are trying to find holes in the Mozilla open source applications, there's another side to the story. These efforts underscore the fact that the Mozilla applications continue to gain a strong following. One of the reasons that Internet Explorer is attacked so often by hackers is that it's the most used browser. Let's face it: if you were hacking software, would you target the software with a 90% market share or the one with a 10% market share?
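The temporary-file problem in the quoted report comes down to two choices made when the file is created: its name and its permission bits. The C sketch below is an added example, not Mozilla's code or the fix that shipped; the file names, the `/tmp` scratch directory and the function names are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern from the report: guessable name, mode that lets other users read.
   "download.tmp" is a constructed name for this example. */
static int save_weak(const char *dir, char *path, size_t n) {
    snprintf(path, n, "%s/download.tmp", dir);
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened: mkstemp() picks a random suffix and creates the file exclusively. */
static int save_private(const char *dir, char *path, size_t n) {
    snprintf(path, n, "%s/dl-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd >= 0) fchmod(fd, S_IRUSR | S_IWUSR); /* force 0600 even on old libcs */
    return fd;
}

/* Audit check: 1 if group or other users can read the file, 0 if not, -1 on error. */
static int readable_by_others(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRGRP | S_IROTH)) != 0;
}

/* Create one file with the chosen routine in a fresh scratch dir and audit it. */
static int audit(int use_private) {
    char dir[] = "/tmp/tmpdemo-XXXXXX", path[128]; /* assumes /tmp is writable */
    mode_t old = umask(022);          /* common default umask, fixed for the demo */
    if (!mkdtemp(dir)) { umask(old); return -1; }
    int fd = use_private ? save_private(dir, path, sizeof path)
                         : save_weak(dir, path, sizeof path);
    int exposed = -1;
    if (fd >= 0) {
        if (write(fd, "attachment", 10) == 10) exposed = readable_by_others(path);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    umask(old);
    return exposed;
}

int main(void) { printf("weak: %d, private: %d\n", audit(0), audit(1)); return 0; }
```

The same `readable_by_others` check can be pointed at the files an application leaves in a shared temporary directory to confirm that none are group- or world-readable.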

