Patch/Configuration Management, Vulnerability Management

Mozilla: Nothing to reports of Firefox 2.0 flaws

Mozilla has downplayed reports of two vulnerabilities in just-released Firefox 2.0.

Researchers had posted reports of two separate flaws for the new browser version this week, mimicking the situation that faced Microsoft's Internet Explorer 7 in the days following its release, according to published reports.

Window Snyder, Mozilla security chief, told SCMagazine.com today that one of the reported flaws has been fixed, while the other can not be confirmed as a vulnerability yet.

One flaw, reported on the Bugtraq mailing list, had already been fixed in earlier versions of Firefox, she said.

Mozilla had not been given enough information on the other, which was said to be exploited in cross-site scripting attacks and cyberscams, said Snyder.

"We appreciate all of the security research," she said. "It does turn up real issues sometimes. But with these, the first is confusion about a prior bug, and the second one does not look like it's anything right now. So neither of them should be a concern to Firefox users."

Just before Tuesday's Firefox 2.0 release, Snyder told SCMagazine.com that the update's most significant security feature is its anti-phishing technology.

Earlier this week, two flaws were discovered for IE7 hours after its release to the general public. One flaw can be exploited during phishing attacks and the other was related to the browser's use of Outlook Express.

Click here to email Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.