"Hackers have been able to exploit a critical flaw in Mozilla's Firefox browser. The Infostealer.Snifula programme installs Trojans that are then loaded at browser startup. The virus uses XPCOMS to install the Trojans."
Is it still safer than Internet Explorer or Opera? What can I do to protect myself?
At the time of this announcement, and from my understanding based on some recent comparisons, there have been fewer flaws discovered (emphasis on discovered rather than existing) in Firefox. This doesn't mean Firefox is more secure.
If you examine market share of the browser space, then IE still firmly remains the major player with approximately 80-90% of the market, depending on whose figures you believe. In comparison, Firefox has about 10-15% of the market share. If I am an attacker and designing a trojan or attempting to discover a flaw in a browser then, in order to maximize the effectiveness of that attack, I am logically going to target the application based on:
- Ease of exploitation
- Prevalence of the application
- Highest return on investment
Therefore, most attackers seek out flaws and target attacks on IE browsers. If Firefox's market share grows then attackers will start to pay more attention to it and, I suspect, some more flaws may be discovered and exploited. This is a very simplistic overview but it highlights that making assumptions about the security of a particular application can be dangerous.
So what can you do to protect yourself? Well, first, update. Make sure to the best of your ability that you and your organization use an up-to-date version of your selected browser. Choose a good anti-virus product and look at anti-spam and personal firewall products, like ZoneAlarm. Consider a regular scan of your environment/host for spyware/malware using one of a number of tools available on the market.
Here's the apparently simple and common-sense stuff which is, sadly, most often responsible for causing a breach: don't trust emails, downloads or applications where you are not sure of the sender or the content. When in doubt, err on the side of caution. Someone can always re-send you an email, but it's a lot harder to get back stolen money or recover from an identity theft.
This was first published in August 2006