Back to the Dark Ages
Earlier this year an Adobe Reader cross-site scripting vulnerability was discovered. All pre-SP2 Internet Explorer versions are affected as is Firefox. Adobe has already fixed the issue with Adobe Reader versions 6.0.6, 7.0.9 and 8.0.
Today I received an email from our internal computer security department that Firefox has been banished from the organization. Previously it was on a list of allowable freeware with other programs like iTunes (iTunes? officially sanctioned at work?) and such. Not anymore.
If you’ve ever used Firefox you’re probably aware of the immense improvement it is over IE (IE7 not yet approved). The tabbed browsing, /search and quick search bookmarks are essential for my workflow way of life! Especially at work.
I always have many pages open, all kinds of information, the countless forms I always have to fill out to document every little thing I do, instructions… forcing me to use IE for this kind of work is like they forced left-handed kids to write with their right hands at school in the 50s! Why not cut one of my arms off altogether, I’ll probably be just as efficient.
I checked the version of Adobe Reader installed on my machine and it’s already version 7.0.9, meaning I’m technically not vulnerable. But why is the official decision to remove Firefox across the organization instead of update the vulnerable program, here Adobe Reader?
I emailed the computer security team with this question. I wonder what their rationale is. I’m sure they’re experts and they know what they’re doing and they have their (very good) reasons but they sure didn’t explain these in their bulletin.
And I thought work would get better…
