Firefox security hole reported

Posted on 12 Sep 2005 at 10:31

Firefox users have been alerted to a potential security flaw in the open source browser. The news will come as an embarrassment to the developers who have just released a beta of version 1.5 which is intended to address a number of security issues.

According to security researcher Tom Ferris a buffer overflow vulnerability exists within the current Firefox version 1.0.6, all previous versions and the beta of 1.5. Ferris says a strikingly simple piece of HTML can allow an attacker to remotely execute arbitrary code on an affected host.

Ferris says he has notified the team at Mozilla about the problem and awaits their response. The Mozilla team says they are currently investigating the reported vulnerability. However, Ferris's claims cannot be easily dismissed as he has a track record of discovering new bugs in Windows software.

Although initially billed as a more secure browser than Internet Explorer, Firefox has had its own share of security problems in the past few months. However, the Mozilla team is pressing ahead with the new versions ahead of the next release of Internet Explorer expected before the end of the year.

A roadmap for the development of Firefox is available at the Mozilla web site.

Author: Steve Malone