Friday
Jul 04

Mozilla makes Surfing, a Secured Option

After the July update, Mozilla has pulled up its socks again to tackle more of the vulnerabilities reported against it.

On Thursday, the corporation pushed a minor upgrade to Firefox users, version 1.5.0.7, which included seven security fixes, four of which the company considered "critical."

In addition to the patches, the update also included improvements to the product's stability. Among the critical fixes, an RSA signature forgery flaw, a memory corruption vulnerability, and two JavaScript issues were remedied.

Mozilla also updated the Thunderbird e-mail client to 1.5.0.7, and patched 6 vulnerabilities, 2 of them critical.

The independent Camino and SeaMonkey projects updated their applications Thursday, too.

The former, a native Mac OS X browser, moved up to version 1.0.3, fixing several critical security and stability problems and integrating the patches to the most recent Gecko rendering engine.

SeaMonkey, which is a follow-on to the discontinued Mozilla browsing suite, migrated to version 1.0.5.7.

The corporation has brought in Window Snyder, who just joined Mozilla as the lead security strategist. Snyder was most recently a principal founder and CTO at Matasano Security, and before that was a senior security strategist for Microsoft, heavily involved in its security development lifecycle.

The key issue raised by Snyder was that the current metrics for evaluating the security of a product are flawed.

1. The current metrics that the industry uses to measure the security of a product are based on the number and frequency of vulnerabilities in a product.

2. Commercial vendors don't always patch everything.

3. Commercial vendors patch flaws through service packs and version upgrades which may hide the actual number of flaws.

Snyder, along with the Mozilla team, believes that security metrics should be based on the following factors.

1. Days of risk (time between disclosure and patch).

2. Transparency of the patch process.

3. Security of the architecture.

4. Scope of fixes.

According to her, a product that has a constant and plentiful stream of remotely exploitable flaws, regardless of how good the "transparency" or the "architecture" is, still stinks no matter how much perfume you spray on it.

While Microsoft had a steady stream of problems with Internet Explorer, there is no getting around the fact that Mozilla Firefox within the last year had a higher number and frequency of exploits. It's no wonder Mozilla would want to downplay the number and frequency of exploits in a particular product.

Firefox has been around for about 2 years. Considering that Firefox is relatively new to the market and comes from a not-for-profit organization, the regular patching it does is simply unmatched in terms of secured data transfer.

David Hammond
Get around what fact?

I'd like to see evidence of Firefox having more exploits in the last year than Internet Explorer. Mozilla has fixed more potentially exploitable flaws in their browser than Microsoft has fixed in theirs, but most of those flaws were not publicly known before the patch was available. I can think of several Internet Explorer flaws that were exploited for some time before being fixed this year, but I can't think of any significant flaws in Firefox that were exploited before a fix was made available.
