Two critical security holes in the Firefox browser have been patched in this latest software release.
Cross-site scripting exploits, exposure to potential external takeover of a browser, these were supposed to be problems experienced by the Windows world of Internet Explorer.
Not Firefox. Not with recommendations from industry analysts advising against using IE in favor of Firefox and its more secure architecture. Even the esteemed Walt Mossberg, Wall Street Journal technology columnist, extols its virtues. But it did happen.
Two exploits with proof-of-concept code demonstrated a potential for cross-site scripting and for an installer with a corrupt package icon. Welcome to IE’s world, Firefox. Don’t feel bad; even OpenBSD had a remote hole in the default install, but that was nearly eight years ago.
Cross-site scripting has become the new Internet nemesis, taking unwitting users to a site that looks like a legitimate one and stealing whatever information the user enters there. Just about every financial site on the planet has been spoofed by thieves seeking an easy score.
But the Mozilla foundation responded very quickly, detailing the potential exploits in a security release, and then making a new fixed version of Firefox available. This is the strength of open source, its advocates will tell you.
Open source code doesn’t hide in proprietary packages, where a developer or a business remains ignorant of potential bugs until someone has cracked their web site and made off with a few thousand credit card numbers. Continual review and recommendations from knowledgeable folks around the world make software like Firefox better.
Give credit to the Mozilla team for stepping up and getting Firefox fixed. But don’t worry, IE users. Your next update will be along the second Tuesday of next month. Hope you’re ok until then.
David Utter is a staff writer for Murdok covering technology and business. Email him here.
