That kidding around turned into surprise when the researchers, a team from Radware Ltd., discovered a vulnerability in approximately under an hour.
The team, led by Itzik Kotler, Security Operation Center (SOC) Team Leader, discovered that HTML tags comprised in a certain order can cause a Denial of Service, crashing Firefox 3.0 and the Firefox 3.1 alpha release (code-named "Shiretoko").
If using multiple tabs in browsing, according to Kotler, "any unsaved or unsubmitted information within your tabs will get lost."
This vulnerability however is more of an inconvenience to users rather than a malicious threat. The researchers at Radware have found that no remote code can be injected or executed via this vulnerability.
The question remains however, as Firefox increases in popularity, will it become more of a target for threats?
"Yes" said Kotler, "Once software becomes popular, hackers want to increase their targets."
The Radware team has not found a patch to thwart this vulnerability as of yet. Kotley said, "We have communicated with Mozilla and gave them all of the proper information, I am sure they will develop a patch for it." Radware has also made CERT -- Carnegie Mellon University's Computer Emergency Response Team aware of their findings.
The discovery of this not-so-malicious vulnerability, does in no way infer that Mozilla will achieve the same vulnerability status that Internet Explorer holds. A reason for this is the way that Internet Explorer is engineered:
"IE, being an application has more connectivity features to other components in the system [and] has more ties with more code," said Kotler, "The more code the bigger the complexity."
And the more vulnerable. The fact that Firefox is stand-alone reduces the risk of the operating system it resides on being completely compromised.
Yet, it is still just a reduced risk, not a guarantee. It will be interesting to see if malware threats against Firefox increases.
Still, that conjecture is not affecting Firefox's popularity. And it certainly isn't affecting Itzik Kotler's choice of browser;
"I am still going to use Firefox" he said. He also added that he and his team are not trying to tarnish Firefox's reputation or put a scare into the public. For Kotler, the reason for their research is clear:
"We have customers to protect."
- Juniper Honors 12 Americas Partners
- Facebook And Four More Web Sites We Love To Hate
- Cisco Honors Top Partners During 2010 Partner Summit
- HP Salutes Top Partners At APC 2010 Award Show
- Upclose And Personal With AMD And friends
- Will Oracle's Phillips' Affair Revelation Be A Distraction?
- Apple, Microsoft Unlikely Allies Against Google
- HP-Microsoft Cloud Partnership Needs To Show Us The Goods
- Blog: It's Time For A Cybercrime Public Service Announcement
- Nortel Sell-Off Continues: Ethernet Business To Ciena?
- Want To Deploy Exchange 2007 SP2 In A Server 2008 R2 Domain? Sorry
- Apple Improves iTunes 9 With Syncing, Visual Enhancements
- Oracle Ad Refutes Sun Hardware Fears
- U.S. Copyright Chief Rips Google Book Deal In Testimony
- Apple Slashes iPod Price Tags
- Price Is Right? Asus To Launch Low-Cost E-Reader
- Microsoft Xbox 360 Consoles Fail More Often Than Wii, PS3
- Privacy Group To Congress: Stop Online Advertisers In Their Tracks
- Microsoft, Intel Tout Their Collaboration On Windows 7
- Tech Data Adds Integration Services With New Center
| • |
| • |
| • |
| • |
| • |
| • |
| • |
|
|
