Practical Technology

for practical people.

Open Source doesn’t automatically mean safety


Yesterday, Mozilla fixed ten security bugs in Firefox. If you haven’t upgraded Firefox to 3.5.6 yet, you can do so now. I’ll wait for you. Done? Good. You’re better off than a friend of mine who, I discovered, was still running Firefox 3.0.0. His logic? It’s Firefox and open source, therefore it’s still safer than, say, Internet Explorer 6. Oh dear.

Sorry, it doesn’t work that way. He was right that open-source programs tend to be safer than proprietary programs. And, yes, he was right in thinking that the ancient IE 6 isn’t safe at all. But, just because a program is open source doesn’t mean that it’s always safe, and an old program, no matter how it was made or who made it, is very unlikely to still be safe.

The simple truth is that all programs can be broken. Some, like operating systems, Web browsers, and commonly used office software, are constantly being poked and prodded by crackers to find weaknesses. Therefore, when a vendor comes out with a security patch for the program you’re using, your best move is to patch your copy of the software as soon as possible.
