Sunday, October 01, 2006
Firefox security news
First off, it's a good idea no matter what to run the NoScript extension to Firefox.
There was a recent study about browser security bugs. Firefox has been having a lot of bugs found lately. Firefox hasn't changed that much; the rate of bug discovery has, so it must be that more people are looking.
How much does that affect your security? Not very much, since the average time from discovery of a Firefox security problem to release of a fix is one day. That's not much window of vulnerability. But do be sure to accept updates when Firefox tells you they're available.
Now there's a report that some people at a conference announced that Firefox is "critically flawed" and that they've found a way to take over a machine running Firefox if it visits the wrong Web page. Unfortunately they didn't see fit to describe the problem, report it to anyone who might fix it, or even demonstrate it -- they just showed a video. Could be real; I'll update you if anything comes of it.
UPDATE 10/3:
One of those people is back-pedalling, saying that their announcement was "meant to be humorous". The security world is not amused.