October 25, 2006 6:25 PM PDT

Mozilla rebuts Firefox 2 bug reports

A day after shipping Firefox 2, Mozilla on Wednesday largely rebutted two claims of security flaws in the latest version of the Web browser.

Bug hunters appear to be in a race to uncover new security flaws in both Firefox 2 and Internet Explorer 7, which Microsoft released last week. Word of what appears to be the first publicly disclosed IE 7 vulnerability came Wednesday.

At least two bug reports that indicated they affected the new Firefox release crossed over popular security mailing lists this week. But Mozilla on Wednesday downplayed those claims.

"I would call it just noise," said Window Snyder, Mozilla's security chief. The two issues don't present any real risk to Firefox users, she said.

One of the problems is related to a vulnerability that was patched in an earlier version of Firefox. A report on the Bugtraq mailing list suggested that the issue, labeled "critical" by Mozilla, resurfaced in Firefox 2.

The report is incorrect, Snyder said. "The vulnerabilities that were identified were actually fixed."

However, there is a related problem that can cause Firefox to crash. "The exploitable issues are fixed. There is a crash, but it is a denial of service," Snyder said. "We're going to look at it and make sure there is really nothing there."

Another report on the Full Disclosure mailing list suggested that there is a flaw in Firefox 2 that could be exploited to aid in cyberscams. The report included some computer code, but not enough for Mozilla to determine whether there is a problem, Snyder said.

"We don't have enough information to identify it. If we get more information, then we will investigate," she said.

Mozilla shipped Firefox 2 on Tuesday, nearly a week after Microsoft released IE 7. Both browsers have an emphasis on security and include features such as phishing shields to protect against fraudulent, data-thieving Web sites.

"This is one of the highest-quality Firefox releases to date," said Mike Schroepfer, vice president of engineering at Mozilla. "We fixed more issues than we ever have before. All empirical and anecdotal evidence so far shows that this is one of the most solid and stable Firefox releases."

Security researchers are welcome to hunt for bugs in Firefox, Snyder said, adding that those bugs should be reported responsibly to Mozilla, instead of disclosed publicly.

"We think it is great that the security community is working so hard to help us identify bugs," Snyder said. "Once they are identified, we're able to fix them and we fix them quickly and that means customers are less at risk."

11 comments
corporate spin?
by nrlz October 25, 2006 9:45 PM PDT
> "This is one of the highest quality Firefox
> releases to date," said Mike Schroepfer, vice
> president of engineering at Mozilla. "We fixed
> more issues than we ever have before. All
> empirical and anecdotal evidence so far shows that
> this is one of the most solid and stable Firefox
> releases."

What a load of self-gratifying corporate spin. It reminds me of when Steve Ballmer said that Windows XP was the most stable release ever and that security was their top priority.
normal MR - incremental improvement
by Philips October 26, 2006 1:33 AM PDT
Firefox 2.0 is an incremental release to 1.5 - there is nothing revolutionary here, just lots of little things done here and there.

More features for extensions, stability and speed improvements in many edge cases.

In the end, the main feature of Firefox is that it just works, is easy/fast to install, is easily extendable and has a portable version.

P.S. That funny thing called IE - even in incarnation 7 - takes *15* minutes and one reboot to install. Version 1 probably required having the computer turned off for days. ;)
Very secure - It locks my PC
by Im-Not-TED October 26, 2006 6:35 AM PDT
Security flaws or not. My PC locked up 3 times and required 2 reboots in the first hour of trying to run the new code (v 2.0). I have been a Firefox fan for some time and contributed to the foundation, but I reinstalled v 1.5.0.7 today and all is well. I hope the first patch makes v 2.0 a viable browser.
Do pple put as much effort on e police
by pjianwei October 26, 2006 7:20 AM PDT
and armed forces' flaws? Is e bugs finding making things more secure?
truth over hype
by aqvarivs October 26, 2006 1:27 PM PDT
Some of these guys are looking for a name boost from within their group as "this week's super hack" rather than actual concern for any product or its security flaws. It marginalizes the good work of the others in this regard. Accuracy in reporting is important in maintaining the integrity and value of such reports.
A hole is a whole
by theinstallguy October 30, 2006 6:32 AM PST
How can they downplay any security flaw? I have used Firefox enough to be assured most issues will be fixed, but in today's world of anti-privacy from big corporations, the big question that should be asked is, How much of our information is being sent back to the browser provider? A hole is a hole, but maybe we should look at the whole picture.