Firefox: When is a flaw not a flaw?

TalkBack: Fans and critics of the open-source Web browser give their two cents on reports of a phishing flaw.

The news that the Firefox browser contains a flaw that could help cybercriminals to carry out phishing attacks stirred up plenty of reaction and discussion among readers.

Security firm F-Secure warned last Wednesday that the vulnerability, which allows the URL in a Firefox download dialog box to be spoofed, could be exploited by online fraudsters.

Not a vulnerability?
Some ZDNet UK readers took issue with the experts, arguing that the flaw shouldn't be regarded as a security vulnerability, because a Firefox user would already have to have clicked on a phishing e-mail and been taken to a fake site to be at risk. "Where is the problem? I hardly think that a spoofed site would link you to a legit download area," commented Pete Molina, a PC and LAN administrator.

"As far as a 'security hole,' it should be more of a user vulnerability, as only a dumb person goes clicking links in e-mails from odd places," argued another reader who went by the name Killian. "Granted, it's nice to know, but come on. Most of these 'announcements' just give the phishermen a reason to try to exploit it."

Mozilla's Firefox browser is proving popular with surfers who want an alternative to Microsoft's Internet Explorer, which has been prone to many security problems. Some readers were adamant that Firefox is still a much safer product than IE.

"Firefox, without a doubt, is the best and most secure browser on the market today, and no matter what propaganda is spread throughout the Net regarding its security in a negative way, those who actually know will continue to use Firefox and wait until the patch is complete, not actually even thinking nor caring whether it is released or not while using it," wrote one Web developer.

Some members of the Firefox camp weren't happy about any criticism of their favorite browser. "Thanks but no thanks for the information. We still trust and love FireFox," said Abe, an engineer. He did not reveal his last name.

No double-standard please
But other readers pointed out the importance of holding all software to the same standards. "Firefox is undoubtedly a better and more secure browser than IE, but any site that reports on flaws or possible flaws in IE--and gives Firefox coverage--should report on Firefox's flaws too," said "Seb," an artist based in London. "Essentially, Firefox is better, but it's not perfect, and anyone who thinks or claims it, is as bad as anyone who gets taken in by (Microsoft Chairman Bill) Gates' marketing spiel."

A software developer from London wrote: "If this vulnerability had been identified in IE, the anti-Microsoft community would no doubt be quick to criticize the product as insecure. Users are smart enough to make up their own minds about which Web browser to use--and the more information that is available about all products on the market, including open-source efforts, the better."

One reader even took issue with the claim that Firefox is inherently more secure than IE. "Firefox may offer some 'security through obscurity,' but once it gets to any sort of critical mass, then it will be targeted. Since the hackers have the source code, their lives will be that much easier, and when a patched version is released, it will be easy for them to see where the vulnerability is and target older versions," said one London-based IT worker.

Another reader suggested that Firefox may have an uphill task breaking IE's dominance. "Most users couldn't spell 'browser' without help. The only reason so many people use IE is because it is built into the operating system that was on the PC they bought," said "Philbert," a computer and electronics specialist.

Got a different view? Post a TalkBack below, or in the original story.

Ingrid Marson of ZDNet UK reported from London.
