Mozilla rebuts Firefox 2.0 bug claims
“I would call it just noise”
A day after shipping Firefox 2.0, Mozilla largely rebutted two claims of security flaws in the latest version of the web browser.
Bug hunters appear to be in a race to uncover new security flaws in both Firefox 2.0 and Internet Explorer 7, which Microsoft released last week.
At least two bug reports that indicated they affected the new Firefox release crossed over popular security mailing lists this week.
But Window Snyder, Mozilla’s security chief, said: “I would call it just noise.” The two issues don’t present any real risk to Firefox users, she said.
One of the problems is related to a vulnerability that was patched in an earlier version of Firefox. A report on the Bugtraq mailing list suggested that the issue, labelled “critical” by Mozilla, resurfaced in Firefox 2.0.
The report is incorrect, Snyder said. “The vulnerabilities that were identified were actually fixed,” she said.
However, there is a related problem that can cause Firefox to crash. Snyder said: “The exploitable issues are fixed. There is a crash but it is a denial of service. We’re going to look at it and make sure there is really nothing there.”
Read more: silicon.com