Germany warns against Firefox use

2010-03-23 07:19:27

The German government has issued a warning about using the Firefox browser

because of security issues.

The Federal Office for Information Security made a similar ruling on the safety

of Internet Explorer in January.

The office warned that the Firefox vulnerability, confirmed by Firefox makers,

could allow hackers to run malicious programs on users' computers.

A new browser release at the end of the month will fix the bug which relates to

the current version, Firefox 3.6.

A "beta" or test version of that release, Firefox 3.6.2, is already available

but has not yet been fully tested.

The BergerCERT team of the Federal Office for Information Security (BSI) has

recommended that users stop using Firefox until the tested fix is released - in

a move remarkably similar to the January announcement, in which France followed

suit just days later.

Fox swap?

The Firefox vulnerability was confirmed by maker Mozilla last week on its

security blog, when it promised that the next official release would address

the issue.

It is only the current version that is affected, but given that prior releases

have different vulnerabilities, reverting to an older version of the browser is

ill-advised.

Switching to a different browser may not be a good solution either, said Graham

Cluley, senior technologist at security firm Sophos.

"Switching your web browser willy-nilly as each new unpatched security hole is

revealed could cause more problems than it's worth," he said.

"What are you going to do when your replacement browser itself turns out to

contain a vulnerability?

"My advice is to only switch from Firefox if you really know what you are doing

with the browser you're swapping to. If you stick with Firefox, apply the

security update as soon as it's available."

Mozilla said it hopes to have the latest version ready ahead of the official 30

March release date.

"Last week we informed our users that the upcoming security release of Firefox

3.6.2 would include a fix for an exploit that was disclosed to us just over a

week ago," said a Mozilla spokesperson.

"Mozilla is aware of the BergerCERT recommendation to avoid using Firefox 3.6,

and encourage users to download the beta version of Firefox 3.6.2."

Story from BBC NEWS:

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8580716.stm

Published: 2010/03/22 16:44:41 GMT