Friday, October 27, 2006

Minor Bug in New Firefox

Of the two vulnerabilities reported since the browser's release on Tuesday, the first was patched in a previous version and the second alleged problem couldn't be replicated during testing, said Mike Schroepfer, vice president of engineering.

The first problem caused the browser to crash in some cases when text was displayed. The second problem was described as a cross-scripting attack, and sample attack code was posted on the Internet, Schroepfer said.

"The snippet [of code] didn't actually do what was claimed," he said. "We don't have enough information to understand if there is an issue or not."

Real Bug Isn't Security Risk

However, one bug does affect Firefox 2.0, but is not exploitable, Schroepfer said. The problem is caused when a very large document is loaded into an iframe--an HTML element--using Javascript, which eventually causes Firefox to hang or crash, he said.

The problem is tricky to fix, but engineers are looking at it, Schroepfer said.

Schroepfer said the Mozilla community takes security problems seriously, and any problems with the new browser will be posted to its bug list at the Mozilla Security Center.

Firefox 2.0 debuted just a few days after Microsoft unveiled Internet Explorer 7, reignited a long-standing debate over which is the better browser.

"It's a really solid release overall," Schroepfer said of the new Firefox.

Your Ad Here