Thursday, October 06, 2005

Mozilla Firefox != secure

One of the biggest selling points of the Mozilla Firefox browser was that it was more secure than Microsoft Internet Explorer. No more! There have been documented vulnerabilities in Firefox not dissimilar to those that exist in IE. The link above takes you to a report from Symantec that slams Firefox. How much we should read into that remains to be seen, as Symantec is a known Microsoft supporter. But we cannot deny the fact that Firefox is displaying vulnerabilities we thought and hoped would not be there.

It also means another thing: Firefox is slowly but surely growing and gaining critical mass. Researchers are paying more attention and focussing on Firefox. As are the hackers. The Firefox advocacy site www.spreadfirefox.com got hacked (http://www.computerworld.com/securitytopics/security/hacking/story/0,10801,105159,00.html?source=NLT_VVR&nid=105159) twice in three months. I am a staunch Firefox supporter and am a registered member of the site. The logo above on this page shows this. And as I might be one of the people whose personal information may have been accessed, I was sent this email by the site admin.

The Spread Firefox Team became aware this week that the server hosting Spread Firefox, our community marketing site, has been accessed by unknown remote attackers who attempted to exploit a security vulnerability in TWiki software installed on the server. The TWiki software was disabled as soon as we were aware of the attempts to access SpreadFirefox.com. This exploit was limited to SpreadFirefox.com and did not affect mozilla.org web sites or Mozilla software.

We have scanned Spread Firefox servers and at this time do not believe any sensitive data was taken, but as a precautionary measure we have shut down the site and will be rebuilding the web site from scratch. We also recommend that you change your Spread Firefox password and the password of any accounts where you use the same password as your SpreadFirefox account. We will notify you again when the site is back up with instructions on how to change your password. (Note: We do use MD5 hashing on the passwords, but MD5 cannot protect all passwords against off-line dictionary style attacks.)

After Spread Firefox was compromised in July, we instituted procedures to ensure that we apply all security fixes to the software running the site (Drupal and PHP) as soon as they become available. Unfortunately, those procedures overlooked the installation of the TWiki software since it is not used by the main Spread Firefox site. When the system is rebuilt, all the software will be audited to ensure that security updates will be applied in a timely manner. We deeply regret this incident and any inconvenience this may have caused you.

Sincerely,
Spread Firefox Team
Mozilla Foundation
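
The MD5 note in the email above can be made concrete with a short added example (this is not part of the email and not Spread Firefox's code). It assumes plain unsalted MD5, which the email does not specify, and compares it with salted PBKDF2 using only Python's standard library; the users, passwords, word list and iteration count are all constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data (hypothetical users, passwords and word list).
USERS = {"alice": "firefox", "bob": "firefox", "carol": "T7#qv!mZ2p-Lr9"}
WORDLIST = ["password", "123456", "firefox", "letmein"]
PBKDF2_ROUNDS = 600_000  # assumed work factor for this example


def md5_record(password):
    # Assumption: plain unsalted MD5; the email only says "MD5 hashing".
    return hashlib.md5(password.encode()).hexdigest()


def weak_md5_accounts(db, wordlist):
    # One pass over the word list builds a digest table that matches every
    # account at once, because equal passwords give equal unsalted digests.
    table = {md5_record(word) for word in wordlist}
    return sorted(user for user, digest in db.items() if digest in table)


def pbkdf2_record(password, salt=None):
    # A random per-user salt defeats shared lookup tables; the iteration
    # count makes each individual guess expensive.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def pbkdf2_verify(password, record):
    # Recompute with the stored salt and compare in constant time.
    salt, expected = record
    return hmac.compare_digest(pbkdf2_record(password, salt)[1], expected)


if __name__ == "__main__":
    md5_db = {user: md5_record(pw) for user, pw in USERS.items()}
    print("flagged by dictionary audit:", weak_md5_accounts(md5_db, WORDLIST))
    kdf_db = {user: pbkdf2_record(pw) for user, pw in USERS.items()}
    print("alice and bob share a record:", kdf_db["alice"] == kdf_db["bob"])
```

The long random password is not flagged under either scheme, which is why the email says MD5 cannot protect *all* passwords rather than none.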

I am happy that Firefox is gaining popularity, which means that we finally might have an open browser standard, but I am concerned that it may become as vulnerable as IE and we would be left with nowhere to go. It is an open source and community project and we should ensure that it becomes the browser that we want it to be and not what someone wants us to have.