Since the new release of popular web browser Mozilla Firefox 3.0, over 14 million downloads have been registered by the counter posted on the Spread Firefox website. But just in a few hours (about five) after the Mozilla Firefox 3.0 was made available to the public, security flaws have been reported.
TippingPoint, a provider of network-based intrusion prevention systems, was informed about existing security issues in Mozilla Firefox 3.0 through its program Zero Day Initiative (ZDI) that rewards security researchers for exclusive information disclosing vulnerabilities founded in software products.
Even the new security features of Firefox 3.0 have the main priority to maintain personal information safe and to protect users from phishing and malware, TippingPoint confirms the existence of a critical vulnerability of high severity that affects Mozilla Firefox 3.0 (ZDI ID: ZDI-CAN-349) and prior versions of Firefox 2.0.x: "We verified the vulnerability in our lab, acquired it from the researcher, then promptly reported the vulnerability to the Mozilla security team shortly after. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code. Not unlike most browser based vulnerabilities that we see these days, user interaction is required such as clicking on a link in email or visiting a malicious web page."
In response to this security report, Mozilla Security Blog posted, "This issue is currently under investigation. To protect our users, the details of the issue will remain closed until a patch is made available. There is no public exploit, the details are private, and so the current risk to users".
If other security reports are taken into account, like the one found on SecurityFocus website which deals with an unspecified buffer overflow vulnerability (boundary condition error), the new security improvements from Firefox 3.0 are not powerful enough for present pishing and malware threats. In conclusion, having in mind that over 14 millions downloads of Mozilla Firefox 3.0 have been performed, users' computers are in potential danger until the security patches are released to fix the existing vulnerabilities.
Selasa, 24 Juni 2008
Lubang Keamanan pada Firefox 3
Walapun firefox 3 sangat diperhatikan keamanannya, ternyata lubang keamanan ditemukan di web browser firefox 3. Tentu saja hal ini akan mempengaruhi 8 juta komputer yang telah men-download dan meng-install-nya. Berikut ini adalah berita yang saya kutip dari softpedia