The Fire of London began on the night of September 2, 1666, as a small fire on Pudding Lane, in the bakeshop of Thomas Farynor, who was King Charles 2nd’s baker. The story goes that one of the servants woke up around midnight to find the house on fire. By eight o’clock the next day, the fire had spread halfway across London Bridge, destroying around 80% of the city and killing nearly a fifth of the population. An example of how quickly a minor incident can turn into a major disaster.
The Mozilla Foundation Security Advisories 2005-43 and 2005-44 deal with two serious vulnerabilities which can be found in the popular Firefox browsers, versions up to 1.0.3, included. The vulnerability was announced last weekend, and it’s taken the Firefox developers a long four days to come out with a patch, test it and release it to the public.
In a normal development cycle, four days from patch development to release a fix is an extremely short period of time. In comparison, Internet Explorer patches are released on a monthly basis, and it’s not uncommon to wait as long as three weeks for a fix to a critical security bug. Of course, this methodical development cycle is one of the reasons why many users have switched to Firefox, and it’s encouraging to see the level of dedication and commitment the Mozilla developers put into maintaining the security of their products.
In a world where virus writers, adware developers and hackers are constantly searching for ways to infect your systems, a timely response to security issues is a must. Sometimes even a day, or why not, an extra hour can matter. And sure enough, there are reports of the above mentioned Firefox bugs already being exploited on the Internet. I don’t want to think what might have happened if we had had to wait another another month for the patch.
You can get the Firefox 1.0.4 update here.