Firefox Full Version has Fewer Vulnerabilities

Even as new MyDoom variants began snaking through yet another Internet Explorer flaw, the full-version release of the open-source Firefox browser is getting positive reviews, even though it may be more secure but is not quite bulletproof.

“Details have been released about several vulnerabilities in Mozilla Firefox,” said a security bulletin from Secunia, a Danish Internet security company. “These can potentially be exploited to detect the presence of local files, cause a DoS (Denial of Service), disclose sensitive information, spoof the file download dialog, and gain escalated privileges.”

Yet these are considered to be very minor flaws compared to the crowd of flaws that has bedeviled Internet Explorer for several years. Secunia rates the flaws “moderately critical” and notes they have been fixed early enough as Firefox’s full release version begins to circulate. Open source analysts for the most part are enthusiastic about the new browser, saying Mozilla products are rarely if ever hit with successful attacks – though some analysts think that may not be enough to cause people to dump IE for Firefox… yet.

"As Mozilla's market share increases, you're bound to see more attacks against it," Cox Target Media Technical Writing Group supervisor Jack Freeman told SearchSecurity.com. "The reason Firefox hasn't been broken yet is because nobody has tried. I have the beta version of Firefox on one of my machines and I don't think it's necessarily more secure."

Some think Mozilla won’t grow its market share enough to lure attackers, SearchSecurity.com said, but Mozilla is still seen as likelier than IE has been in the past to handle and overcome attacks. "IE's big problem is it's so embedded into the Windows operating system and you can get to a lot of different programs by exploiting its vulnerabilities," BindView Corp. senior security analyst Mark Loveless told the security news site.

"Attackers mostly target home users, and since IE is free and comes with Windows out of the box, most of those users aren't going to take the time to download another browser," he continued. "As long as that's the case, IE will continue to get the most attention from attackers. It's just too convenient for people to use and too easy to be taken advantage of."

Secunia chief technology officer Thomas Kristensen said IE’s “tight integration” to Windows, making it able to get to trusted or local zones, “makes compromising the system much easier. Mozilla runs as a stand-alone application that doesn't provide additional functionality in a local context. The kinds of flaws we've seen in IE are less likely to affect Mozilla Firefox because of its design.”

Secunia also said the Mozilla Foundation generally performs better than Microsoft when it comes to getting to work on any security issues that do arise in its products.