Firefox vulnerabilities and 1.5 Release Candidate
I know there’s been at least one and probably a couple of Mozilla Firefox vulnerabilities announced in the last month or so. There are currently (according to Secunia) 3 unpatched Firefox vulnerabilities.
The secunia page for firefox has the details. There are two vulnerabilites for which there is a workaround (as opposed to a patch) to resolve the issue. I don’t know what the status of those vulnerabilities are in the upcoming Firefox 1.5, but the other Firefox news I have is that the first Release Candidate for 1.5 has been released at the Mozilla.org site.
One of the GREAT improvements coming in 1.5 is an automatic update for the browser. Of course, to update Internet Explorer you either visit windowsupdate.microsoft.com, or let windows update itself automatically. Well, now Firefox will be able to auto-update which makes me a bit more comfortable about installing firefox on client systems.
I know I’ve typically been harder on Explorer for unpatched vulnerabilities and have recommended Firefox as a more secure browser. The simple fact is, in spite of 3 unpatched vulnerabilities, that still pales in comparison to Explorer 6.x with 20 unpatched vulnerabilities.
No piece of software is perfect, open-source or otherwise. With open source software the hope is that when anyone is free to review the code, vulnerabilities will hopefully be 1) less likely to make it into general release and 2) more likely to be quickly fixed on discovery (or at least quickly worked around.)