Yes, it so happens that the safe browser ain’t as safe as you thought it to be!! Another critical security hole in Mozilla browsers (including Firefox) can let attackers run malicious software on the computers of those using any of the Mozilla browsers, reports c|net.
The security flaw, reported by security researcher Tom Ferris, is due to the way Mozilla browsers handle International Domain Names, a.k.a. IDNs. The Mozilla Foundation hurriedly released a patch that disables IDN support in its browsers.
Mozilla’s director of engineering Mike Schroepfer said:
This is a temporary work-around just to deal with the immediate issue. We’re working on a future release in which we will actually fix the problem and re-enable the IDN feature.
Switching off IDN support impacts a subset of Firefox and Mozilla users who actually use such special domain names. Luckily we do not have any known use of this exploit, but it is fairly critical if there were to be (an attack), so this is a recommended download.
However, if you don’t want to download the patch, you can follow the instructions on the Mozilla website to disable IDN support manually.
This flaw is expected to be fixed in Beta 2 of the upcoming Firefox 1.5, which is due on October 5, 2005. The final release is scheduled for the end of the year!!
Well, this is nothing new: IDNs were a problem in Mozilla earlier too, as Mozilla fixed a flaw in February this year that could have allowed phishers to target Mozilla users by spoofing domain names. And this is not the first critical security flaw in Mozilla either!!
What I really think is that instead of bloating the already CPU-hungry (& memory hog) Firefox with more features, they should really make an effort to secure their browser & enhance its performance!! The skinning or plugin features are useless when Firefox starts eating 60MB+ of RAM and 10%+ CPU with just 1 blank tab open. It’s widely known that Firefox has had a lot of security flaws & problems since its first public release; no matter how much devoted users ignore them, they are present!! And there are a lot of websites that oppose Mozilla, Firefox & Netscape!!
The folks at Mozilla are being so carried away by their success that they are forgetting the major reasons for their success, security & performance!! If they fail to address them, then they would hardly have any advantage over IE, which is going to come out all guns blazing with v7 (probably) sometime early next year.
Sometimes I believe that most of the people who rant on about Open Source are just hypocrites, too much biased in favour of products they use & support, all the while calling for just comparisons. That perhaps is a topic for a separate discussion, so I’ll post on it sometime later!!
Meanwhile, all ye Mozilla users, patch up your browser!!!