According to Mozilla, “A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest.” Apparently, this exploit only affects Firefox 3.6 and not earlier versions.
Since browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.
Some time back, I took a running shot at Firefox (this was one of my very infrequent “the glass is half empty” days), when I wrote here, “For the umpteenth time, in just a short time frame, Mozilla has released a patched version of Firefox ….. this is a continuing saga with Firefox and it’s not getting better. If anything, it’s getting worse.”
I felt justified in chastising Mozilla for what I perceived to be a series of continuing flaws in Firefox, leading to very frequent updates. Until, that is, I received an email from Mozilla’s Christopher Blizzard, in which he pointed out the following –
“Our goal is to try and update as quickly as possible to get fixes into users’ hands. Sometimes this means that we update frequently. As an example 3.5.1 was turned around in 48 hours from the release of a proof-of-concept exploit. And we had no warning before it was public.
So we worry about the time-to-fix as opposed to the number or frequency of releases. Firefox’s userbase happens to update pretty quickly when we release an update and this often means that our users are also the safest.
The faster you can get fixes into people’s hands, the less likely they are to run into something that’s exploitable.
We also schedule releases every few weeks to fix known problems and fix non-severe and non-critical security fixes. But sometimes we get something that causes us to release early.”
Christopher’s sensible explanation removed a certain anxiety, and a sense of worry, that I would have to give up my beloved FF, and my stable of crucial add-ons.
To paraphrase Winston Churchill – “This was not my finest hour”. In fact, my tech friends are still laughing at me over that one.
If you have ever questioned Firefox’s frequent update history, then consider Christopher’s closing statement –
“I would point out that all browsers have security problems. And it’s how you respond to them that counts. So that’s why you’re seeing frequent updates from us.”