Geek Rant dot org

Tue 2005-05-10

Firefox critical vulnerability

Filed under: — daniel @ 20:07

With Firefox trumpeting itself as “Safer, faster, better” it’s fashionable to think of the product as being inherently safer than its opposition (primarily IE). It’s not. Mozilla has acknowledged a major vulnerability in Firefox, and with no fix available, is saying that the workaround is to switch off JavaScript, and disable software installation.

Switching off JavaScript renders a large chunk of the web unusable. Yeah, you can manually turn it back on for sites you trust… but who has the time to do that? And among the general non-geek populace, who has the knowledge to do it?

Of course, the likelihood of actually falling victim to this problem is pretty small. But if you’re tempted to switch back to IE, make sure it’s securely set up. One option is to use a security lockdown registry hack.

Meanwhile the neato Tiger Dashboard widgets facility that Andy’s been talking about appears to have its weaknesses too. Whoops.

Okay, so maybe I shouldn’t be so critical, especially since the stuff I code isn’t necessarily miraculously vulnerability-free. But then, I’m not coding browsers installed on millions of desktops.


2 Responses to “Firefox critical vulnerability”

  1. andy says:

    I wouldn’t be surprised by Dashboard vulnerabilities given that it uses much the same technology as the web. I am sure there’s a way to sneak maliciousness (is that a word?) in there.

    As always, be very careful what you download, and never take security for granted, even from sites and companies you trust.

  2. Firefox fixed

    Resolving some critical vulnerabilities discovered recently, Firefox 1.0.4 is out.

    Although the release notes recommend clearing out the program directory first, I didn’t, and it seems to work okay for me….
