Mozilla admits Firefox is flawed just like IE

In a public mea culpa, Mozilla Corp.'s chief security officer acknowledged today that Firefox includes the same flaw that the company called a "critical vulnerability" in Internet Explorer during a two-week ruckus over responsibility for a Windows zero-day bug.

"Over the weekend, we learned about a new scenario that identifies ways that Firefox could also be used as the entry point," said Window Snyder of Mozilla. "While browsing with Firefox, a specially crafted URL could potentially be used to send bad data to another application. "We thought this was just a problem with IE," Synder continued. "It turns out, it is a problem with Firefox as well."

The argument over responsibility for a flaw that involved both IE and Firefox began two weeks ago, when Danish researcher Thor Larholm argued that IE contained an input validation bug that lets it pass potentially malicious URLs to other applications. Larholm called out Firefox's "firefoxurl://" protocol as one that IE mishandled. He staked out the position that IE was to blame, while other security experts said it was Firefox's fault.

View: Full Story @ Computer World

Report a problem with article
Previous Story

Vista use grows as Mac OS X stays flat

Next Story

Windows 7/x86 not such a bad thing

20 Comments

Commenting is disabled on this article.

Silly headline, they are admitting that Mozilla has the same kind of flaw which is a lot different from admitting that Mozilla is "just as flawed", and I'm willing to bet hell will need to freeze over first before they would ever admit something like that!

lol! did Mozilla think it was the golden child of all browser clients? There will always be some sort of flaw with every browser; this is a known fact.

It's not the idea that flaws don't exist, it's the idea that flaws are fixed as soon as they are found. Serious patches should be released as soon as they are found to be stable, not at the convenience of the company with the "mañana" attitude (that's "tomorrow" for you non-Spanish speakers).

As a fan of Firefox, I'm glad they've seen/admitted the flaw. All it means for us is that a fix is soon on the way.

Flawed even worse than IE, is what they REALLY meant. Firefox is/was nothing but a fanboy fad. I'd use IE over Firefox anyday. In fact, I'd use ANY browser over Firefox ANYDAY and another in fact is, I DO!!

Strange child...

The only time I have ever got a virus is because I went to a "dodgy" site using IE just after I installed windows, before I installed an antivirus ( or Firefox ). Browsing the same sites in Firefox gives me no issues. Go figure.

Everything has flaws, but in my experience Firefox's are significantly less deep or far-reaching than IE's.

cork1958 said,
Flawed even worse than IE, is what they REALLY meant. Firefox is/was nothing but a fanboy fad. I'd use IE over Firefox anyday. In fact, I'd use ANY browser over Firefox ANYDAY and another in fact is, I DO!!

Both are affected by the same kind of flaw.
Mozilla devs are working on a patch.
IE devs aren't even planning to do such a thing, ever.

What was your point again?