# Firefox security warning



## PETERFC (Apr 3, 2009)

Hi All

It has been announced that Firefox have found a security issue. The latest update has been brought forward a week to address this issue. It's ready now for updating. Below is the text and there is a link to the site the information came from.

Ubuntu Linux users have nothing to be concerned about.

Peterfc


BBC News - Firefox releases security patch


Firefox releases security patch
BurgerCERT page
The Computer Emergency Response Team warned about Firefox 3.6

Mozilla has released Firefox 3.6.2 almost a week early after security issues were found in earlier versions.

Firefox 3.6.2 was originally due to launch at the end of March, but is available to download now from the Mozilla website.

The security hole had led the German government to issue a warning about Firefox 3.6.

The Federal Office for Information Security made a similar ruling on the safety of Internet Explorer in January.

It warned that the Firefox vulnerability, confirmed by Firefox makers, could allow hackers to run malicious programs on users' computers.

Germany's official cyber-security response team - BurgerCERT - had recommended that users stop using Firefox until the tested fix was released.

It was a move remarkably similar to the January announcement, in which France followed suit just days later.

Fox swap?

The original Firefox vulnerability was confirmed by maker Mozilla last week on its security blog, when it promised that the next official release would address the issue.

It is only the current version that is affected but, given that prior releases have different vulnerabilities, reverting to an older version of the browser is ill-advised.

Switching to a different browser may not be a good solution either, said Graham Cluley, senior technologist at security firm Sophos.

"Switching your web browser willy-nilly as each new unpatched security hole is revealed could cause more problems than it's worth," he said.

"What are you going to do when your replacement browser itself turns out to contain a vulnerability?

"My advice is to only switch from Firefox if you really know what you are doing with the browser you're swapping to. If you stick with Firefox, apply the security update as soon as it's available."

A Mozilla spokesperson said: "Last week we informed our users that the upcoming security release of Firefox 3.6.2 would include a fix for an exploit that was disclosed to us just over a week ago.

"Mozilla is aware of the BergerCERT recommendation to avoid using Firefox 3.6, and encourage users to download... Firefox 3.6.2."


----------

