Firefox flaw sparks a fiery debate

TalkBack: Our article reporting the discovery of a security hole in Firefox had elicited a wide range of opinions - both from fans of the open source browser, and those who are less enamoured with it
Written by ZDNet UK, Contributor
The news that the Firefox browser contains a flaw that could help cybercriminals to carry out phishing attacks stirred up plenty of reaction and discussion among ZDNet UK readers.

Security firm F-Secure warned on Wednesday that the vulnerability, which allows the URL in a Firefox download dialog box to be spoofed, could be exploited by online fraudsters.

Some of you took issue with the experts, arguing that the flaw shouldn't be regarded as a security vulnerability because a Firefox user would already have to have clicked on a phishing email and been taken to a fake site. "Where is the problem? I hardly think that a spoofed site would link you to a legit download area," commented Pete Molina, a PC and LAN administrator.

"As far as a 'security hole' it should be more of a user vulnerability, as only a dumb person goes clicking links in emails from odd places," argued Killian, another reader. "Granted, it's nice to know, but come on. Most of these 'announcements' just give the phishermen a reason to try to exploit it."

Mozilla's Firefox browser is proving popular with surfers who want an alternative to Microsoft's Internet Explorer, which has been prone to many security problems. Some readers were adamant that Firefox is still a much safer product than IE. "Firefox without a doubt, is the best and most secure browser on the market today, and no matter what propaganda is spread throughout the Net regarding its security in a negative way, those who actually know will continue to use Firefox and wait until the patch is complete, not actually even thinking nor caring whether it is released or not while using it," wrote one Web developer.

Some members of the Firefox camp weren't happy about any criticism of their favourite browser. "Thanks but no thanks for the information. We still trust and love FireFox," said Abe, an engineer.

But other readers pointed out the importance of holding all software to the same standards. "Firefox is undoubtedly a better and more secure browser than IE, but any site that reports on flaws or possible flaws in IE -- and gives Firefox coverage -- should report on Firefox's flaws too," said Seb, an artist based in London. "Essentially, Firefox is better but it's not perfect, and anyone who thinks or claims it is as bad as anyone who gets taken in by Gates' marketing spiel."

A software developer from London wrote: "If this vulnerability had been identified in IE, the anti-Microsoft community would no doubt be quick to criticise the product as insecure."

"Users are smart enough to make up their own minds about which Web browser to use - and the more information that is available about all products on the market, including open source efforts, the better."

One reader even took issue with the claim that Firefox is inherently more secure than IE. "Firefox may offer some 'security through obscurity', but once it gets to any sort of critical mass then it will be targeted. Since the hackers have the source code their lives will be that much easier, and when a patched version is released it will be easy for them to see where the vulnerability is and target older versions," said one London-based IT worker.

Another reader suggested that Firefox may have an uphill task breaking IE's dominance."Most users couldn't spell 'browser' without help. The only reason so many people use IE is because it is built into the operating system that was on the PC they bought," said Philbert, a computer and electronics specialist.

Got a different view? Post a TalkBack below, or in the original story.

You can also rate the browser yourself in our Firefox review, where it currently enjoys a 100 percent rating from ZDNet UK readers.

Editorial standards