Mozilla Beefs Up Security in Firefox 2.0
By Jay Lyman
LinuxInsider
Part of the ECT News Network
12/21/06 4:00 AM PT
Mozilla's latest update to its open source Firefox browser includes security measures targeting phishers. Phishing scams that use social engineering techniques to dupe Web surfers into revealing personal financial information have become an effective way for cybercriminals to conduct their nefarious activities on the Internet.

This week's patches address flaws that are indirectly related to security, Burton Group Vice President Craig Roth told LinuxInsider.
"They're security, but they're bug fixes to things that may affect
security issues," he said, referring to social engineering attacks that
aim to trick users rather than fooling the software.
Growth and Bugs
The security advantages of Firefox have helped it gain on Microsoft's Internet Explorer like no other competitor in years. However, even though it has been growing rapidly, it is still much smaller in market share and appeal to attackers than IE.
Microsoft dominates with more than 80 percent share. However, Firefox has passed the 12 percent mark and is now pushing toward 15 percent. The remainder is owned by Opera, Apple's (Nasdaq: AAPL) Safari and other browsers.
Mozilla released Firefox 2.0 last October as Microsoft rolled its
major browser upgrade to market with IE7. Both browsers focus on
security, and both have suffered from bugs, flaws and security holes
that come with all software, including a password theft vulnerability
disclosed earlier this month.
Critical Fixes
In this week's security update, Mozilla addressed five vulnerabilities
deemed "critical," two considered "high" impact, and one minor issue.
The critical issues include a remote code execution flaw in SVG processing, a LiveConnect crash when finalizing JavaScript objects, and privilege escalation using watch point, Mozilla said.
Security firm Secunia issued an advisory on the Firefox vulnerabilities and a recommendation that users update to Firefox 1.5.0.9 or 2.0.0.1.
Social Security
Roth downplayed the significance of the Firefox security fixes,
indicating Mozilla was not featuring the update prominently, nor was it
urging users to download it.
The biggest security advantage of Firefox is its much smaller user base compared to Explorer, Roth said, suggesting that the latest updates are less important than how Mozilla deals with continuing and improving social engineering attacks, particularly phishing.
"It's an ongoing issue -- one that's more important to track than
things like this," he said.