GCN Tech Blog

By GCN Staff

Blog archive

The Fox is learning what it's like to be IE

We have it on good authority that about 83 percent of you are currently viewing GCN.com through Microsoft Internet Explorer. This blog entry isn't necessarily for you.

(Only about 1 percent of you still use Netscape Navigator. Who? During a phone conversation the other day, HUD CIO Lisa Schlosser was trying to launch a URL from an e-mail message and it brought up Netscape. When a GCN editor voiced surprise, she said HUD still had a few legacy applications that required Netscape, but that they'd convert those stragglers soon. By the way, Lisa just gave an excellent presentation on service-oriented architecture at GCN.com--you can register for a replay.)

But back to the point. You may have already seen it, but US-CERT this week saw fit to issue a browser/e-mail vulnerability alert--and its for the Mozilla family of open-source products, including the Firefox browser.

Firefox is still thought to be more secure than Internet Explorer, but experts are saying this is the first time in memory that the Mozilla suite, which also includes the Thunderbird e-mail client, has been riddled with multiple vulnerabilites. In this case, according to US-CERT, the flaws could allow an attacker "to take control of your computer."

Securty firm Secunia called some of the flaws "highly critical." In its alert Secunia says, "Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system."

To Mozilla's great credit, the open-source group already released fixed versions of the affected software, including Firefox (look for version 1.5.0.2). What's clear about the browser-security wars is that the question going forward will not be which browser has the fewest flaws, but which developer can address the flaws fastest.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Apr 20, 2006 at 9:39 AM


Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.