Firefox 1.0.4 Release Thwarts Recent Exploits

Two critical security holes in the Firefox browser have been patched in this latest software release. Cross-site scripting exploits, exposure to potential external takeover of a browser, these were supposed to be problems experienced by the Windows world of Internet Explorer. Not Firefox. Not with recommendations from industry analysts advising against using IE in favor of Firefox and its more secure architecture. Even the esteemed Walt Mossberg, Wall Street Journal technology columnist, extols its virtues. But it did happen. Two exploits with proof-of-concept code demonstrated a potential for cross-site scripting and for an installer with a corrupt package icon. Welcome to IE's world, Firefox. Don't feel bad; even OpenBSD had a remote hole in the default install, but that was nearly eight years ago. Cross-site scripting has become the new Internet nemesis, taking unwitting users to a site that looks like a legitimate one and stealing whatever information the user enters there. Just about every financial site on the planet has been spoofed by thieves seeking an easy score. But here