The race is on

There’s an interesting race that started yesterday that will most likely make an excellent case for the value of open source software. Secunia has identified a fairly nasty security issue in almost every web browser. You can read up on the details of it on Secunia if you want. The gist of it is a vulnerability in popup windows: other open browser windows that did NOT originate the popup are able to take it over. That sounds relatively benign, but imagine a site where, when you go to log in, a popup window comes up asking for your authentication information. Unbeknownst to you, Joe Script Kiddie owns this popup and you just gave him your login info. Or, say, you go to your bank and they pop up a window: ‘0% interest rates on transferred balances!’ Except you’ve been pwned and it’s Joe Script Kiddie again, and he has your account info now.

Anyway, the point of this post is this: my guess is Mozilla/Firefox will have this patched in relatively short order. Want to lay odds on how long it takes Microsoft? I’m not guaranteeing MS will lose – there have been occasions where too much bad press manages to light a fire under their ass and they get patches out relatively quickly. But their track record is pretty bad, generally. I’m laying my money on Firefox, and if I’m right this episode gets added to my ‘why open source is superior to closed source’ file.

Meanwhile, make sure your popup blocker is set to kill, and for sites where you have to allow the popups, make sure you don’t have any other browser windows open that might be a source of malicious scripts. You could also turn JavaScript off to deal with this; the same caveats apply.