Another day, another Firefox vulnerability.
Ho hum. It’s starting to feel old hat.
But the way that Firefox has responded to the latest threat (and previous threats) has given those in charge of the browser a black eye.
First, consider the newest vulnerability. This time around, it’s serious — “extremely critical” because the flaw in Firefox and Mozilla could allow malicious code to be executed on someone’s machine when they visit a Web site. As I write this, there’s no complete fix, but Mozilla is working on the problem.
The problem here is that if you visit the Firefox front page, you’ll find not a single word about the vulnerability. No warning. No explanation of the security issue. No details on how to protect yourself. Nothing. If you want to find out about it, you’ll have to dig very deep on the Mozilla site to find the security advisory.
This just isn’t good enough. Security holes are the price of success — there will be more of them. But the Firefox team has to start fessing up publicly on its own Web site when there’s a vulnerability, and give people instructions on how to protect themselves.
What do you think about the way Firefox developers respond to security threats?