 |
 Hackers ahead of browsers, this time not only Microsoft's
July 12, 2004
Interesting news has emerged today that not only Internet Explorer is prone to security flaws, but its small rival, Mozilla, also followed the suit. Mozilla, which offers a product suite that includes the Firefox Web browser and Thunderbird email program, reported a security flaw yesterday, although within 24 hours, it had issued a patch to plug the hole.
Mozilla's been one of the Web browsers of choice after the Internet Explorer's users found out how dangerous it was to continue using IE, and the report prepared by the U.S. government's Computer Emergency Readiness Team (CERT) certainly clarified the situation with its suggestion that Microsoft's Internet Explorer was just too dangerous to use right now. And when Internet users have learned of lame protection they were getting while surfing WebPages supporting Java and ActiveX scripts that were sneaky, they not surprisingly flocked to Mozilla, downloading Mozilla software 200,000 times per day, an all-time high and almost five times the usual rate.
"It's reflective of a trend that we've seen over the last year with more web users becoming frustrated with the internet suxperience," said Chris Hofmann of the Mozilla Foundation, a non-profit organization supported by IBM, Sun Microsystems, and other companies.
One incident last month enabled hackers to gain access to web surfers' computer s by taking advantage of vulnerabilities in Microsoft's browser. Hackers could then install remote access Trojan programs that enabled them to control a victim's computer. The hackers could also install software to capture a victim's keystrokes to steal data such as bank account numbers and passwords.
Internet community shares that Mozilla's flaw only affects machines running Windows XP or 2000, so the problem would not reflect on the users who use Mozilla while running Apple or Linux operating systems, thus representing an argument that the flaw is technically a "Microsoft problem." As one security expert put it: "I think the argument is that Windows should prevent the shell scheme from executing programs, but this isn't a job for Windows. This is a job for the browser. All Windows is doing in the case of what was just patched in Mozilla is taking an instruction to run a program and running it. If the browser didn't ask for it, it wouldn't happen".
And Mozilla people deserve a bit of lauding, to come up with a patch within a day while it took a week for its bigger rival.
|
|
