One thing that I really find interesting and pleasing is all the various news I have read which discusses Mozilla.  It seems like every time there is a vulnerability published about their products, they have a patch for it publicly available within the week.  As much as I would like to say other companies do that as well, I have really only heard of Mozilla accomplishing this in the news.  Granted, some vulnerabilities are more difficult to patch than others, meaning it will take more time for them, but it just doesn’t really seem like other companies are able to produce patches in the way Mozilla does.  Take Apple for example: they have a vulnerability in their Quicktime Player which the people at Mozilla actually created a patch for in regards to their browser.  I really hope I am wrong about this, but if I am not, I really hope other companies will learn from Mozilla in the field of patch development and implementation.

Researchers are publishing security vulnerabilities this week that could offer attackers new ways to get into the enterprise. Mozilla updated its Firefox Web browser on Tuesday to thwart attacks that target a flaw in Apple’s QuickTime player. Meanwhile, security researchers detailed new vulnerabilities in Windows and Windows Media player.

First up is a year-old issue with Apple’s digital media player. UK-based security researcher Petko Petkov posted exploit code for a bug in Apple’s QuickTime media player in September 2006. The vulnerability, which only affects Version 9 of the software, could allow an attacker to remotely control a victim’s computer. Apple still has not fixed the bug and was not immediately available for comment. Mozilla worked with Apple to patch its browser to protect Firefox users.[more]

Tags: Other