For the first time, a couple of “critical” security flaws were found in the Firefox browser. The main flaw is related to the way Firefox installs updates and helper applications. Mozilla has modified their update and add-on sites, so the flaw is only a problem to those that have added non standard sites to their install white lists. The second flaw is a bug in the iframe implementation where the source of the iframe is not protected from URL’s in the javascript history. Mozilla have promised to work on the problem around the clock and a fix should be available shortly. There is exploit code available, but since Mozilla have blocked the exploit from working on their own “authorized” sites, the flaw has an extremely limited target group and is therefore probably not worth the effort to malicious parties. Still, the speed with which the flaws are fixed could possibly put to rest the argument from some proprietary software providers that Open Source programs are not patched as quickly as proprietary applications. Mozilla already have an excellent record for speedy fixes, but if they manage to release a fix for this in a couple of days it will reflect very well on the OSS community.
