German Security Agency Recommends Users to Stop Accessing Firefox
A federal computer security agency in Germany has asked Mozilla users not to use new Firefox browser until the company releases a security patch for the flaw.
The warning was issued by Buerger-CERT on March 19, 2010. Buerger-CERT is a project of the Federal Office for Security in Information Technology that is recognized in the country with its German initials - 'BSI.' Buerger-CERT asked Mozilla users to use another/alternative browser till Mozilla security comes up with Firefox version 3.6.2.
Mozilla acknowledged on March 18, 2010 that its browser had security flaws that would be patched in the next version 3.6.2 scheduled to be released at the end of this month (March 2010). Mozilla also claimed in its blog posting that the security flaw was critical and could lead to the execution of remote code by an attacker.
Besides, the German government took the same action in the month of January when Internet Explorer was found with a similar un-patched bug. Now the government seemed to have taken the same stand against Firefox.
Meanwhile, Mozilla released a beta version of Firefox 3.6.2 that patched the abovementioned flaw, but it has not been completely tested yet.
Security experts state that the flaw exists in the current version, but the earlier versions had different vulnerabilities. It would be wrong to advise previous versions.
Expressing his views on the issue, Graham Cluley, Senior Technologist, Sophos (an Internet security firm), said that switching to another browser would not be a dependable (or good) solution, as reported by BBC on March 22, 2010. Switching to new web browser with the revelation of a new security hole could lead to more complicate problems, Cluley said.
Cluley further asked a question - what would the user do if he came to know that his new browser contained a vulnerability?
Cluley said that he would recommend people to switch from Firefox only when they were certain what they were going to do with the swapping browser. If they still stick to Firefox, then update the patch as soon as it would be available.
Giorgio Maone, an add-on author, wrote in his blog on March 22, 2010 that another possible way for Firefox users could be to protect themselves from potential attacks by inserting NoScript, as reported by COMPUTERWORLD on March 22, 2010.
Related article: Germany Restricts Anti-Hacking Legalization
» SPAMfighter News - 31-03-2010