GCN Tech Blog

By GCN Staff

Blog archive

The Fox is learning what it's like to be IE

We have it on good authority that about 83 percent of you are currently viewing GCN.com through Microsoft Internet Explorer. This blog entry isn't necessarily for you.

(Only about 1 percent of you still use Netscape Navigator. Who? During a phone conversation the other day, HUD CIO Lisa Schlosser was trying to launch a URL from an e-mail message and it brought up Netscape. When a GCN editor voiced surprise, she said HUD still had a few legacy applications that required Netscape, but that they'd convert those stragglers soon. By the way, Lisa just gave an excellent presentation on service-oriented architecture at GCN.com--you can register for a replay.)

But back to the point. You may have already seen it, but US-CERT this week saw fit to issue a browser/e-mail vulnerability alert--and its for the Mozilla family of open-source products, including the Firefox browser.

Firefox is still thought to be more secure than Internet Explorer, but experts are saying this is the first time in memory that the Mozilla suite, which also includes the Thunderbird e-mail client, has been riddled with multiple vulnerabilites. In this case, according to US-CERT, the flaws could allow an attacker "to take control of your computer."

Securty firm Secunia called some of the flaws "highly critical." In its alert Secunia says, "Multiple vulnerabilities have been reported in Firefox, which can be exploited by malicious people to conduct cross-site scripting and phishing attacks, bypass certain security restrictions, disclose sensitive information, and potentially compromise a user's system."

To Mozilla's great credit, the open-source group already released fixed versions of the affected software, including Firefox (look for version 1.5.0.2). What's clear about the browser-security wars is that the question going forward will not be which browser has the fewest flaws, but which developer can address the flaws fastest.

Posted by Brad Grimes

Posted by Brad Grimes, Joab Jackson on Apr 20, 2006 at 9:39 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.