Firefox security worrying say the Germans

This is an article from the BBC.  We always recommend companies use Internet Explorer because it can be controlled easily using GPO’s.  We sometimes receive complaints by users who are adamant IE is insecure and slow.  This isn’t the first time Firefox has received a bashing about security problems with its browser.  A few years ago a major security hole was revealed which took weeks to fix.

I think IE always seems to have more security and performance problems because it is used more with many more users than Firefox and Chrome.  I’m sure if attention was averted from IE and focused solely on another browser the security and performance issues would increase dramatically.

The German government has issued a warning about using the Firefox browser because of security issues.

The Federal Office for Information Security made a similar ruling on the safety of Internet Explorer in January.

The office warned that the Firefox vulnerability, confirmed by Firefox makers, could allow hackers to run malicious programs on users’ computers.

A new browser release at the end of the month will fix the bug which relates to the current version, Firefox 3.6.

A “beta” or test version of that release, Firefox 3.6.2, is already available but has not yet been fully tested.

The BergerCERT team of the Federal Office for Information Security (BSI) has recommended that users stop using Firefox until the tested fix is released – in a move remarkably similar to the January announcement, in which France followed suit just days later.

Fox swap?

The Firefox vulnerability was confirmed by maker Mozilla last week on its security blog, when it promised that the next official release would address the issue.

It is only the current version that is affected, but given that prior releases have different vulnerabilities, reverting to an older version of the browser is ill-advised.

Switching to a different browser may not be a good solution either, said Graham Cluley, senior technologist at security firm Sophos.

“Switching your web browser willy-nilly as each new unpatched security hole is revealed could cause more problems than it’s worth,” he said.

“What are you going to do when your replacement browser itself turns out to contain a vulnerability?

“My advice is to only switch from Firefox if you really know what you are doing with the browser you’re swapping to. If you stick with Firefox, apply the security update as soon as it’s available.”

Mozilla said it hopes to have the latest version ready ahead of the official 30 March release date.

“Last week we informed our users that the upcoming security release of Firefox 3.6.2 would include a fix for an exploit that was disclosed to us just over a week ago,” said a Mozilla spokesperson.

“Mozilla is aware of the BergerCERT recommendation to avoid using Firefox 3.6, and encourage users to download the beta version of Firefox 3.6.2.”


Comments RSS You can leave a response, or trackback from your own site.


Leave a Reply