So the latest security bug in Firefox, as reported by PC World, seems more urgent than most. We all understand that nothing is truly secure on the Internet, but we also like to think that there are no glaring vulnerabilities in the tools we use on a daily basis. As the PC World article states:
The attack code, written by security researcher Guido Landi, was published on several security sites Wednesday, sending Firefox developers scrambling to patch the issue. Until the flaw is patched, this code could be modified by attackers and used to sneak unauthorized software onto a Firefox user’s machine.
Mozilla’s Director of Security Engineering is calling this a critical issue and a fix is scheduled to be rolled out with a version update at the start of next week. These developers are calling this fix and the release of this update a “high priority firedrill security update”. Not sure about you but that kind of language sounds a little creepy.
No operating system that runs Firefox is spared on this one either; Mac OS and Linux users are affected too. Essentially, the bug allows someone to plant a “drive-by download” of software by tricking a user into viewing an XML file that starts the process. The attack code was also released publicly, which makes this case even more uncommon.
The PC World article doesn’t wrap up with any words to make us feel any more secure, though.
While the public release of browser attack code doesn’t happen all that often, security researchers don’t seem to have much trouble finding bugs in browser software. Last week, two hackers at the CanSecWest security conference dug up four separate bugs in the Firefox, IE and Safari browsers.
Maybe these things seem bigger in light of the bad economy, because these types of concerns are everyday events on the Internet. Historically, however, crime goes up when times get bad, and now there are more avenues for a new breed of criminal using technology to carry out their plans. Something tells me this may get a lot worse before it gets better.