Firefox users advised to switch off Javascript after vulnerabilities discovered, reports Sophos

May 10, 2005 Sophos Press Release

Firefox
Users of the Firefox web browser are being warned of critical security vulnerabilities.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have warned businesses and home users of the Mozilla Firefox web browser of two serious security holes in the software. The vulnerabilities are considered critical as code demonstrating how they can be exploited has been published on the internet.

The Mozilla Foundation is said to be "working aggressively" to fix the problems, which could allow malicious code to be run on an innocent user's computer. Until a fixed version of the web browser is available, Mozilla is recommending that Firefox users disable Javascript in their browser.

"Firefox is increasing in popularity as a web browser, meaning its users will be targeted by more hackers in the future. News of these vulnerabilities, and the lack of any fix for users, will have jaundiced some of the recent celebrations of Firefox's 50 millionth download," said Graham Cluley, senior technology consultant for Sophos. "With organised crime increasingly attempting to steal from innocent users through viruses, phishing attacks and spyware, no-one can afford to rest on their laurels when it comes to security."

Last month 16% of visitors to Sophos's website at www.sophos.com were using the Firefox web browser. The Firefox web browser has proven increasingly popular as an alternative to Internet Explorer, after a long history of attacks targeting users of the Microsoft product.

"All internet users should realise that it's not just users of Microsoft products who are targets for hackers and malicious code," continued Cluley.

More information about the vulnerabilities can be found on Mozilla's website.

Sophos continues to recommend computer users practise safe computing as well as running up-to-date anti-virus software.