In the very week Mozilla Firefox version 1.0 was launched, a series of potentially nasty security holes has been uncovered in older versions of the browser.
They have been classified by security company Secunia as "moderately critical", and could be exploited to "detect the presence of local files, cause a DoS (Denial of Service), disclose sensitive information, spoof the file download dialog, and gain escalated privileges," the company's advisory notes.
In plainer English, this could allow malicious theft of passwords on Windows systems by way of directory file shares, spoofing of file extensions during file downloads, and the launching of a DoS attack of sorts on affected systems.
The answer is for users to upgrade immediately to version 1.0, released only days ago. The problems are assumed to affect all versions up to version 0.9.
Of the Mac OS X version, Secunia says: "Firefox is installed with world-writable permissions, which potentially can be exploited by malicious, local users to gain escalated privileges," so the problem is not confined to Windows versions.
Microsoft’s Internet Explorer has come in for heavy criticism for its regular security problems, caused, some have claimed, by the company’s unwillingness to invest in development. It looks as if Mozilla’s open source method will have to work hard to keep up as well.
Please send all "open-source is never wrong" hatemail to [email protected]