labels: Microsoft, New products
Internet Explorer rival Firefox 3.0 creates download record, but reveals flaws news
20 June 2008

Mission accomplished! Mozilla Firefox 3.0 is now officially a new entrant in The Guinness Book of World Records as the most downloaded software within a period of 24 hours. After having stated their intention to enter the record books with a possible 5 million downloads, Mozilla management must be elated at the 8 million downloads notched up in the first day itself.  (See: Internet Explorer rival Mozilla Firefox aims for record number of downloads)

Although the pace has now slackened with 2 million added to that number the next day, 10 million downloads in two days is something to be extremely proud of. Of course, those downloads also need to translate into increased market share, as compared to the approximately 15 per cent it enjoys today.

Of course, many of those who have rushed to download Firefox 3 are already Firefox 2 users, but let's hope that the browser has managed to attract also new users. Some analysts were quick to predict that the released of the 3.0 version will help Firefox to reach 25 per cent market share in a very short period of time.

Others think that 22 is a more realistic figure, while some other voices are predicting that until the end of the year, Firefox will reach 30 per cent market share. And Firefox will grow on the expense of Internet Explorer. But Microsoft is also scheduled to release a new version of Internet Explorer, so we are heading very quickly to a new browser war.

However, what Mozilla will not be elated about is the discovery of a flaw in its software, a fault that may allow a user's computer to be taken over if a website with such malicious code is visited on the World Wide Web. Just hours after Firefox's release, an unnamed researcher sold a critical code execution vulnerability that puts millions of Firefox3.0 users at risk of PC takeover attacks.

According to a note from TippingPoint's Zero Day Initiative (ZDI), a company that buys exclusive rights to software vulnerability data, the Firefox 3.0 bug also affects earlier versions of Firefox 2.0x.

According to ZDI's alert, it should be considered a high-severity risk:
''Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process, potentially allowing the machine running the process to be completely controlled by the attacker. TippingPoint researchers continue to see these types of ''user-interaction required '' browser-based vulnerabilities - such as clicking on a link in email or inadvertently visiting a malicious web page.''

Mozilla security chief Window Snyder confirmed the existence of the code execution vulnerability, saying, ''This issue is currently under investigation.  To protect our users, the details of the issue will remain closed until a patch is made available.  There is no public exploit, the details are private, and so the current risk to users is minimal.

She added, ''At Mozilla we appreciate any report of security issues because that is how we make the browser stronger and more secure.  The best way to keep Firefox users safe is to report the issues directly to Mozilla as TippingPoint has chosen to, and to wait to release details until a fix is available.''

Firefox, first released in 2004, includes tabbed browsing, a spell checker, incremental find, live bookmarking, a download manager, and an integrated search system that uses the user's desired search engine.

Functions can be added through around 2,000 add-ons created by third-party developers, the most popular of which include NoScript (script blocker), Tab Mix Plus (adds many customizable options to tabs), FoxyTunes (controls music players), Adblock Plus (ad blocker), StumbleUpon (website discovery), DownThemAll! (download functions) and Web Developer (web tools).

Firefox runs on various versions of Microsoft Windows, Mac OS X, Linux, and many other Unix-like operating systems. Firefox's source code is free software, released under a tri-license GPL/LGPL/MPL.


 search domain-b
  go
 
Internet Explorer rival Firefox 3.0 creates download record, but reveals flaws