http://www.techtree.com/techtree/jsp/showstory.jsp?storyid=3682

Firefox seems to be heading Internet Explorer's way with security research company Secunia stating on its website that two vulnerabilities found in the popular browser can be exploited to conduct cross-site scripting attacks and compromise a user's system.

The Mozilla Foundation is aware of the two potentially critical Firefox security vulnerabilities. They maintain that there are currently no known active exploits of these vulnerabilities though a "proof of concept" has been reported.

Mozilla stated that it is aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves by temporarily disabling JavaScript. Geoff

Thank you, Geoff! Just disabled Javascript.

Edit: Shoot. I had to turn Javascript back on to send a P.M.

The articles I`ve been reading all mention the Javascript being a possible problem, although I don`t pretend to know much about the technical side of things I must admit.

I know many Internet users speak highly of Firefox along with another one, Opera I think. IE is far from perfect I realize, but having downloaded Firefox some time back and used it for a while I thought it wasn`t really what I expected, so reverted back to IE with Service Pack 2.

Here`s another article about the Firefox situation.


A pair of extremely critical bugs, that could allow a malicious user to take over one's PC, were found in Mozilla's Firefox web browser earlier this month. The proof-of-concept code was leaked on Sunday and Mozilla recommends its users to disable JavaScript or to lock down the browser so it can't install additional software, such as extensions or themes from websites. According to Danish security vendor Secunia, which tagged the bugs with a highest "extremely critical" warning -- the first time it's used that to describe a Firefox flaw -- a hacker can trick the browser into thinking a download is coming from one of the by-default sites permitted to install software automatically: addons.mozilla.org or update.mozilla.org. Firefox 1.0.4 will be released as soon as possible to fix these bugs but Mozilla also states that currently there are no known active exploits of the vulnerabilities. More details at TechWeb (http://www.techweb.com/wire/security/163100258)


Geoff

Firefox 1.0.4 is available now.. ;)

Edited to add the vurneability lists of Internet Explorer and Firefox:
IE: http://secunia.com/product/11/
Firefox: http://secunia.com/product/4227/


(http://secunia.com/graph/?type=cri&period=all&prod=4227)

Firefox 1.0.6. now available.

http://www.mozilla.org/

Geoff

Firefox 2.0 is available! but ANY, ANY browser has holes. Simply install a good antivirus and firewall - it is enough. Another way to protect yourself - turn internet off.

I user opera. I feel totally secure.

I love Firefox and use many of the extensions and add ons. Makes for a much better browsing experience than IE.

I`m using FF 2.0, but I must say I still have a love of IE for speed, getting every site I want to use up, and overall simplicity. Having said all that the security issues are a big frightener so I now rarely use it....such a pity.

Forwardone, opera has all that about ie and its actually secure ;)