By John Borland, 9 July 2004 09:00
NEWS Developers at the open-source Mozilla Foundation have confirmed that the latest version of their web browsers have a security flaw that could theoretically allow attackers to crash computers or launch unauthorised programs.
The flaw was publicised on a security mailing list, along with a link to a fix for the problem. Updated versions of the affected software programs, which include the Mozilla, Firefox and Thunderbird browsers, have been released.
Developers said the flaw affected only Windows users, not computers running either the Macintosh or Linux operating systems
The news comes as Microsoft has been dealing with a string of security flaws found in its Internet Explorer browser during the past several weeks. Some researchers had begun recommending that people worried about online security stop using the IE browser altogether.
Microsoft recommends that web surfers using Internet Explorer keep abreast of the latest security warnings, and go to the company's Protect Your PC site.
Mozilla developers said that future versions of the Firefox web browser would have automatic update notifications that would make it easier to notify users about security fixes.
John Borland writes for CNET News.com
Comments
There are 4 comments. Join the discussion
1. Craig
If there is any further proof needed as to the horrendous security threat that is Microsoft Windows, this is it.
This security flaw in Mozilla effects Windows versions only even though the vast majority of the browser's code will be the same on all platforms. There is really not much more one can say.
2. anonymous
"The kicker is that this isn't even a problem with Mozilla; it's a problem with Windows Explorer. Windows XP Service Pack 1 was supposed to have closed this hole, but apparently it is still functioning and leaving Windows systems open to remote attack. So the Mozilla team worked to patch a hole that had little to do with their project."
--Quoted from Newsforge
3. anonymous
The Mozilla incident is nothing on IE, as the Berbew incident proved + IE is not fixed for the related 'shell' exploit. ActiveX = fatally insecure, simple as that.
4. david grim
This is proof, that the Windows Platform is Fundamentally Flawed.