Mozilla: Security remains on front burner

With the release of its latest Firefox browser, open-source software maker Mozilla claims to have fixed a number of potentially serious vulnerabilities in its flagship product.

According to the firm's chief security officer, the company is working harder than ever to keep its users protected.

Through the launch of Firefox late on July 17, Mozilla moved to patch nine individual flaws resident in previous iterations of the program.

Patches built into included those meant to address multiple memory corruption bugs, a cross-site scripting vulnerability, and a flaw that could give attackers access to the browser's cache.

Among the other problems the company addressed in the update was even an unusual vulnerability that could cause malicious code to run on a PC if the browser is launched using Microsoft's rival Internet Explorer software -- a flaw that Mozilla could have easily pinned on Microsoft, despite denials from the software maker that it is at all responsible for mending the issue.

And while some security experts still maintain that open-source products are ill-fitted for use inside enterprise businesses as they may leave the door open to savvy attackers who can take advantage of the readily-available nature of the products' widely-published source code, Window Snyder, whose official title is "chief security something-or-other" at Mozilla, claims that the firm's very makeup has led Firefox and the vendor's other products to offer stronger protection for end-users than proprietary systems with which they compete.

"Transparency has been one of the key factors to our success in improving security; some see doing development with the whole world watching as an obstacle, and at times it can be a challenge, but we see it as a unique strength," Snyder said.

The security expert, herself a former employee of Microsoft, said that Mozilla currently enlists more than 10,000 people in regular security testing of its nightly product builds.

Compared to a standard Web browser development team operating under one company's roof, the virtual legion of open-source contributors provides a far deeper pool of talent to try to assault its products to find any vulnerabilities, she said.

Companies including Microsoft often point to the comparatively large numbers of bugs reported in Mozilla products by security researchers as an indicator that the technologies are less secure than their own.

However, the volume of issues being uncovered in Firefox and other open-source products is actually an illustration of the high level of scrutiny such applications receive, which is more than their proprietary counterparts, Snyder maintains.

Microsoft sends out a set of patches only once every month, but the virtual Firefox security testing team is helping Mozilla turnaround updates almost as quickly as it receives reports of any flaws, she said.

Patching vulnerabilities as quickly as possible is a more effective approach to thwarting attacks as hackers often have longer periods of time to craft assaults on proprietary systems before they are fixed, according to the expert.

Mozilla has also added real-time vulnerability updates for its users in the past year, easing the burden on people to stay abreast of any fixes on their own.

"This community approach is the reason we're able to ship patches so quickly. It's more important to communicate with people and let them know what is going on versus waiting and sitting on the information," said Snyder. "If people start looking at the amount of time it takes for companies to get updates out as the best measurement of overall security versus the number of problems that may be identified, more people are going to change their minds about whether open source is indeed the most secure model."

Questioned as to whether it becomes a challenge to respond to 10,000 independent security contributors helping in the review of its programs, Snyder said that an unofficial hierarchy has created itself among the people who regularly make helpful suggestions to Mozilla.

"It's a challenge and an opportunity trying to do development with that many different voices, and often the most adamant people make significant contributions, but people also make points and build a consensus and ideas bubble up through the group that way," she said. "Even if it makes for more work, we think it's always better to listen to the voices of many than it is to limit the process to only a few."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hines

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?