Mozilla Responds to FireFox Flaw
Mozilla Responds to FireFox Flaw
December 19, 2005: IDM recently reported that a new release of the world’s second favourite web browser, FireFox, had a snappy new bug possibly opening clients up to a Denial of Service (DOS) attack.
The vulnerability was spotted less than a week after the new browsers release and caused a small stir on the internet even though the flaw had not been exploited. IDM spoke to Mozilla's VP of Engineering, Mike Schroepfer:
Have there been any reports of malicious exploitation of the flaw?
There have been no reported exploits of the flaw. The bug is not a security problem, but rather a hiccup in the functionality of the browser. Secunia qualified the bug as 'not critical', its most benign rating. Even under rigorous testing, Mozilla engineers were unable to confirm that the browser bug can lead to a crash and DOS.
Does it have the potential for widespread exploitation?
The flaw can affect all users if they are exploited. However, since the flaw is not a security issue, there is little motivation, financial or otherwise, for hackers to exploit it.
Is there a patch in the works to fix the issue?
A patch will be considered in the regular 6-8 week update cycle after review by Mozilla engineers. If the bug morphs into a larger issue, Mozilla will respond accordingly.
Have you switched to Firefox? Tell us what you think.
Related Article: