Home > Computer Security > Firefox vulnerabilities give me the creeps!

Firefox vulnerabilities give me the creeps!

There used to be a time when people touted how secure Firefox was over Internet Explorer. Not any more! At least the folks over at Mozilla are kind enough about checking the status of your plug-ins.  [ Go to their separate plug-in check page ]

If you’re interested in some of the vulnerabilities that are fixed in the recent Firefox update to version 3.6.9, head on over the Firefox Security Advisories page.  Of critical note are the 10 critical vulnerabilities.

Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.

Note: After being advised that my Flash plug-in was out of date, Flash didn’t update properly when I went to the Adobe site.  I jumped over to IE, and downloaded and installed in the plug-in for Firefox manually.  Make sure to read the Adobe install message before installing, as Adobe always wants to trick you into installing some type of additional product that you don’t want, by automatically selecting the check box option for installing one of its partner’s products. Keep in mind that IE and Firefox updates are not packaged together and need to be updated separately.

  1. September 8, 2010 at 6:34 pm

    Thanks for warning us about the Firefox shortfalls. I’ve just started using Firefox after hearing it is so much better than IE8 and I’m still learning about it.

    • September 9, 2010 at 6:14 am

      Thanks for stopping by the blog. Performance wise, I like Firefox better. IE9 is suppose to have some performance enhancements. We’ll see what it looks like once it comes out.

  2. September 9, 2010 at 2:12 am

    Mr. Reiner,

    Some time back, I took a running shot at Firefox when I wrote in an article –

    “For the umpteen time, in just a short time, Mozilla has released a patched version of Firefox … this is a continuing saga with Firefox and its not getting better. If anything, its getting worse.”

    Mozilla’s Christopher Blizzard wrote a comment to express Mozilla’s perspective, which, on refection made sense –

    “We worry about the time-to-fix, as opposed to the number or frequency of releases. Firefox’s userbase happens to update pretty quickly when we release an update and this often means that our users are also the safest.

    The faster you can get fixes into people’s hands, the less likely they are to run into something that’s exploitable.”

    We also schedule releases every few weeks to fix known problems and fix non-severe and non-critical security fixes.

    “I would point out, that all browsers have security problems. And it’s how you respond to them that counts. So that’s why you’re seeing frequent updates from us.”

    Christopher’s explanation removed a certain anxiety, and a sense of worry, that I would have to give up on FF, and my stable of crucial add-ons.


    • September 9, 2010 at 6:11 am

      Interesting. The problem I see, is that Mozilla is patching vulnerabilities that have been brought to their attention. I always look at vulnerabilities from the standpoint of how long the hackers have know about them. For an organization that prides itself on how secure its products are because they are open source, these types of critical vulnerabilities point out exactly how insecure open source can really be. Imagine being a hacker, reading through the source code and being able to spot exactly where the coding is insecure. For experienced top tier hackers, finding vulnerabilities like these are easier than shooting fish in a barrel.

      I’m sure you’ve seen this, but I’ll provide Mozilla’s position on security for everyone else’s benefit:

      Thanks for stopping by and sharing your thoughts Bill. Always a pleasure. 🙂

  3. Mal
    September 11, 2010 at 11:40 pm

    Hi Mr. Reiner,

    Secunia PSI flags the latest release of Firefox as insecure too. Bit of a worry, eh?



    • September 12, 2010 at 12:10 am

      Indeed. When you launch Firefox it should automatically update it, if not you’ve got a problem.

  4. October 11, 2010 at 3:35 pm

    I have been using Opera for the last 3+ years. I tried Firefox and didn’t like it. I want a browser with no pop-ups and with Opera it has been a joy. I had to work on a computer last week whee the user got a pop-up about an update for AVG and they clicked on than AVG went crazy with alerts because of the malware that was trying to install. I do have to go to Firefox for some web apps that don’t work under Opera.

  1. September 15, 2010 at 2:43 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: