Mozilla rebuts Firefox 2 bug reports

Bug hunters appear to be in a race to uncover new security flaws in both Firefox 2 and Internet Explorer 7, which Microsoft released last week. Word of what appears to be the first publicly disclosed IE 7 vulnerability came Wednesday.

At least two bug reports that indicated they affected the new Firefox release crossed over popular security mailing lists this week. But Mozilla on Wednesday downplayed those claims.

"I would call it just noise," said Window Snyder, Mozilla's security chief. The two issues don't present any real risk to Firefox users, she said.

One of the problems is related to a vulnerability that was patched in an earlier version of Firefox. A report on the Bugtraq mailing list suggested that the issue, labeled "critical" by Mozilla, resurfaced in Firefox 2.

The report is incorrect, Snyder said. "The vulnerabilities that were identified were actually fixed."

However, there is a related problem that can cause Firefox to crash. "The exploitable issues are fixed. There is a crash, but it is a denial of service," Snyder said. "We're going to look at it and make sure there is really nothing there."

Another report on the Full Disclosure mailing list suggested that there is a flaw in Firefox 2 that could be exploited to aid in cyberscams.

View: Full Story @ C|Net News

Report a problem with article
Previous Story

Pro Evolution Soccer 6 Hits Stores Early

Next Story

More Intel "Tigerton" Demonstrations


Commenting is disabled on this article.

Please. Firefox is 10x the browser IE is. IE 7 is a joke. All browsers will have their flaws period, I still believe that over all Firefox is a much safer browser than IE. More functional too.

LOL I love this :D. It is a chance to remind FF fanboys that their browser isn't all that and a bag of chips -- it has problems, too.

Can you people possibly spend your time nagging about a REAL problem? Hypotheticals are just silly! In the spectrum of things, this barely counts.[i]

Quote - phun8890 said @ #5.1

It's a very cool name. Heck, I'll name my kid Doorbell.

And more importantly, why does he work for Mozilla and not MS :P