Browser vulnerabilities and attacks will mount

Browser developers are struggling to keep up with exploits and vulnerabilities

Window Snyder, chief security officer at open source browser maker Mozilla, is caught in the crosshairs of the raging browser vulnerability battle.

On one hand, her company launched an upgrade to its Firefox browser on Feb. 23 that specifically aims to fix a number of flaws that have been discovered in the program.

On the other hand, she's dealing with almost daily reports of newly identified vulnerabilities in Firefox disclosed by a researcher who makes his work public before informing Mozilla of the problems.

As trying as the situation may sound, Snyder admits that the day's conflicts come with the territory of her job and those of security experts at every other browser maker.

With the high-profile nature of the browser in today's Internet-based economy, working to eliminate vulnerabilities, respond to researchers, and ward-off malware attacks will remain a large part of the daily routine for the foreseeable future, according to the CSO.

Snyder said that Mozilla is receiving a lot more customer feedback of late from people concerned about browser security.

"The browser is one of most critical pieces of software on the computer in terms of something attackers are going after," Snyder said. "Attacks are constantly changing and every software developer needs to recognize new threats as they emerge, but that's nothing new, we've always considered security to be a top priority."

Despite Mozilla's ongoing security efforts, Firefox has come under intense scrutiny from Michal Zalewski, a well-known independent security researcher who has published a collection of previously undiscovered vulnerabilities in the browser during the month of February.

The Firefox security update was already delayed several days so that Mozilla could address an issue published by the researcher earlier this month dubbed the location.hostname vulnerability.

And on the eve of Mozilla's release of the revamped browser, dubbed Firefox 2.0.0.2, Zalewski published information about yet another flaw in the product involving a memory corruption issue that could allow attackers to take control of computers running the software. Phishing and spoofing threats are among the attacks likely to be aimed at the latest issue, according to Zalewski.

Although Snyder said she would prefer it if Zalewski and other researchers would disclose vulnerabilities to Mozilla before taking them public, she said the company relies on such experts to help it keep customers protected from attacks, as painful as the reports may be.

"We would prefer that he would notify us first, but more importantly we are glad researchers are looking at Firefox and helping us fix problems," the Mozilla CSO said. "We also see where the researchers are coming from, in terms of their frustration with the amount of time vendors are taking to fix vulnerabilities."

Snyder hopes that as Mozilla improves its ability to patch flaws faster, researchers will work more closely with the nonprofit company. The software maker is also developing a range of new security features for use in the Firefox 3 iteration of the browser, code-named "Gran Paradiso," that is slated to arrive sometime in the second half of 2007.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

InfoWorld

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?