Mozilla says its Web browsers also are accessible to hackers
By David Sheets
Of the St. Louis Post-Dispatch
07/09/2004

A Web browser promoted recently as a safe alternative to Microsoft Corp.'s troubled Internet Explorer appears to have problems of its own.

The Mozilla Organization has confirmed that its Mozilla and Firefox browsers have a security flaw that allows hackers access to users' computers. If exploited, the flaw opens a path for attackers to run computer applications remotely, particularly if the applications haven't been updated to repair their own security risks.

The "shell" problem, as Mozilla calls it in the company's announcement, also could cause computers to freeze. Shells are layers of programs that understand and execute commands entered by users.

Only computers running Microsoft's Windows operating systems are affected. Mozilla's confirmation Thursday followed initial reports of the flaw online at Full Disclosure, a public-security mailing list. Mozilla has posted updates and repair information on its Web site at www.mozilla.org/security/shell.html.

The confirmation comes a day after the U.S. Computer Emergency Response Team - the group chiefly responsible for defending against online threats - urged computer users to find alternatives to Internet Explorer because of its significant vulnerabilities. About 95 percent of all Internet browsing worldwide uses Internet Explorer.

Microsoft acknowledges that its browser has at least one flaw the company has yet to fix. Without a fix, Internet Explorer users are vulnerable to hackers looking specifically for personal information residing on personal computers.

A release date for that repair has yet to be announced.

Reporter David Sheets
E-mail: dsheets@post-dispatch.com
Phone: 314-340-8389