Thursday, August 24, 2006

Another Firefox Vulnerability - Already?!

Firefox’s latest browser, version 1.5.0.6, already has a new vulnerability.

National Vulnerability Database Article

Look to the left of this article – below my profile, and you will see that I am a big Firefox fan. I still use Internet Explorer, and Opera, and Netscape, yada yada yada, however, because I do a lot of testing. I just want to say that I am not writing this post to slam any particular browser or boost one over the other. But I have to wonder – and this is for all the little computer nerds who work in Best Buy, constantly parroting the virtues of Firefox to every customer they see – why is it that all these new vulnerabilities in Firefox practically go unnoticed while the Internet Explorer vulnerabilities get all the press?

In the last three weeks or so, Firefox has released two new versions, presumably to cover security holes and add features. The only reason I found out about the latest Firefox vulnerability is some micro-font text on a Dark Reading Weekly page – not a front page press item to be sure. I’m sure this will be published on Secunia and SANS very soon. But because the kids at Best Buy tell you matter-of-factly that Firefox is the only way to go, and just because Firefox doesn’t get the big press, doesn’t mean you are always safe and never need to pay attention to staying up to date.

Anyway, my point in all this is that people fall into a false sense of security because they hear so-called “experts” blather on about how Firefox is far superior to Internet Explorer from a security standpoint. People blindly follow this advice, thinking that they will never, ever, ever, ever have to worry about anything from now on. This notion is putting a patently false idea into your heads. Regardless of what products you use, you always need to stay vigilant for security flaws and apply updates when they are available.

The bad guys are getting bored with Microsoft – due diligence and proper risk analysis means that you are evaluating all of your software and keeping them up to date. Stay safe with all parts of your system!

No comments: