October 1, 2004. The Mozilla Foundation releases an important security update for Firefox. All users should upgrade to the latest version of the Firefox Preview Release. A patch is available for current Preview Release users.
Visit the Firefox homepage to download the latest version of Firefox Preview Release (Firefox 0.10.1)
Current Firefox Preview Release users: when the update icon () appears in the upper right corner of your screen, just click on it to install the patch, or click here to install it.
Questions & Answers:
How does this security vulnerability expose the user?
A malicious hacker who could trick a user into saving a file could delete files from a user's download directory.
How serious is this vulnerability?
While this is a potentially severe security vulnerability, user interaction is required to trigger potential harm. This security update is also another example of the Mozilla Foundation identifying and fixing security vulnerabilities before they are exploited by malicious hackers. This type of security vulnerability is very different from cases where a hacker could take advantage of a vulnerability to obtain valuable information from a user's computer.
Doesn't this case illustrate that all browsers are equally insecure?
The Mozilla Foundation continues to have a very strong track record on security. According to Secunia, an independent security monitoring organization, Firefox currently has 1 open security issue, out of a total of 13 security advisories filed in 2003 and 2004. 0% of these are labeled "extremely critical", 15% are labeled "highly critical". For the same period, Secunia lists 16 open security issues out of 44 advisories for Internet Explorer 6.0, 14% of which are labeled "extremely critical", 34% are "highly critical".