19 Sep 2007

Firefox/QuickTime security hole? Patch and implement NAC advises Sophos

Network Access Control helps companies gain visibility and control over unpatched PCs

Mozilla has released version 2.0.0.7 of its Firefox web browser, fixing a security vulnerability.

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centers, have advised businesses and home users to update their copies of the Mozilla Firefox web browser, in order to protect against a security flaw which could be exploited by hackers to run malicious code on victims' computers. Recognizing the threat that unpatched computers present to businesses, Sophos experts have advised companies to consider the benefits of implementing a Network Access Control (NAC) solution to defend against future vulnerability issues.

Made public earlier this week, a security hole was discovered in the way that Firefox and Apple QuickTime work together, potentially allowing privileged code to execute on a user's computer without permission. Hackers can exploit the flaw to access data on a vulnerable PC or run malicious code such as a worm.

"Companies and consumers need to update their copy of Firefox to keep themselves protected against software vulnerabilities as security is not just a problem for users of Microsoft products like Internet Explorer," said Graham Cluley, senior technology consultant for Sophos. "Microsoft Internet Explorer is more often the target of attack for hackers than Firefox, but that doesn't mean that users of non-Microsoft products can stick their heads in the sand about security. There are no excuses for dragging your feet, and not using the latest version of your internet browser."

More information about version 2.0.0.7 of Firefox, and details of the security issues it claims to fix, can be found on Mozilla's website.

Sophos experts recommend that companies ensure that all computers connecting to their network conform to a defined security policy, which includes having the latest security patches in place. Network Access Control offers a comprehensive and easy-to-deploy network access control solution, giving businesses the ability to control who and what is connecting to their network.

"For companies, patch management is a big issue. You want to ensure that computers connecting to your network - whether they be guests, contractors or regular workers - are adhering to your security policy which should include running up-to-date anti-virus and the latest security patches," continued Cluley. "Network Access Control can help firms ensure that only properly secured PCs are connecting to the network, and give visibility as to which computers are not defended against the dangerous vulnerabilities."

Sophos continues to recommend computer users practise safe computing as well as running consolidated up-to-date protection against viruses, spyware, spam, and hackers.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.