Mozilla: Nothing to reports of Firefox 2.0 flaws

News by Frank Washkuch Jr.

Mozilla has downplayed reports of two vulnerabilities in just-released Firefox 2.0.

Mozilla has downplayed reports of two vulnerabilities in just-released Firefox 2.0.

Researchers had posted reports of two separate flaws for the new browser version this week, mimicking the situation that faced Microsoft's Internet Explorer 7 in the days following its release, according to published reports.

Window Snyder, Mozilla security chief, told today that one of the reported flaws has been fixed, while the other can not be confirmed as a vulnerability yet.

One flaw, reported on the Bugtraq mailing list, had already been fixed in earlier versions of Firefox, she said.

Mozilla had not been given enough information on the other, which was said to be exploited in cross-site scripting attacks and cyberscams, said Snyder.

"We appreciate all of the security research," she said. "It does turn up real issues sometimes. But with these, the first is confusion about a prior bug, and the second one does not look like it's anything right now. So neither of them should be a concern to Firefox users."

Just before Tuesday's Firefox 2.0 release, Snyder told that the update's most significant security feature is its anti-phishing technology.

Earlier this week, two flaws were discovered for IE7 hours after its release to the general public. One flaw can be exploited during phishing attacks and the other was related to the browser's use of Outlook Express.

Click here to email Frank Washkuch Jr.

Crime & Threats

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike