Internet Explorer is still massively flawed, but if Firefox, the most popular alternative, becomes too popular, won’t it also become more vulnerable to attacks? In Mozilla faces the curse of popularity, ZDNet‘s Dana Blankenhorn rephrases the question: “Is open source software really better than proprietary, or is that just a function of its low market share? Mozilla’s Firefox browser is a great test case. How it responds to its present security problems, and how fast new problems come on, will help us answer these key questions…Regardless of whether your process is proprietary or open source, you still need a process to collect bug reports, test patches, and expedite them to users. That process is always a bottleneck.”
We are watching Mozilla work through this process. After numerous security holes were publicized, Mozilla went to work on Firefox and released version 1.0.7. According to the Mozilla’s release notes, “Firefox 1.0.7 is a security and stability release. We strongly recommend that all users upgrade to this latest version.” It includes several security and stability fixes, including a fix for a reported buffer overflow vulnerability and a fix for a Linux shell command vulnerability.
Those hearty souls who’ve tried version 1.5 Beta may suffer attacks due to the buffer overflow problem in the beta release, which is meant for testing only and typically has bugs. The beta has been downloaded about 500,000 times, according to Mozilla.
While popularity will increase the kind of attacks that Internet Explorer is famous for, Firefox doesn’t have the legacy requirements of Internet Explorer, and it’s developers are not shackled to a business plan of world domination through Windows. The army of developers working on Firefox have way too much credibility to lose if Firefox becomes as unusable as IE. I just don’t think they will let that happen.