|
Diploid
Cuban


Registered: 01/09/03
Posts: 19,274
Loc: Rabbit Hole
|
Mozilla Patches 13 Firefox Security Flaws, Eight Critical
#5906539 - 07/27/06 07:45 PM (17 years, 6 months ago) |
|
|
Mozilla late Wednesday began rolling out a Firefox security update that patched 13 vulnerabilities, eight of them judged "critical" by the open-source developer.
The update, which brings Firefox to 1.5.0.5, automatically downloads to existing copies of Firefox 1.5.x, but can also be retrieved in its entirety from the Mozilla website in versions for Windows, Linux, Mac OS X in 37 localised editions.
All eight of the bugs tagged "critical" by Mozilla involve vulnerabilities and/or errors in JavaScript, the scripting language heavily used by the browser. JavaScript, like the ActiveX controls in the rival browser Internet Explorer, is the dominant source of Firefox flaws.
Danish vulnerability tracker Secunia tagged the overall update as "highly critical," the second-from-the-top threat ranking. "[These] multiple vulnerabilities can be exploited to conduct cross-site scripting attacks or compromise a user's system," Secunia's online research note read.
A majority of the bugs will allow an attacker to introduce his own code to a vulnerable system; several of them can be exploited by posting malicious code or content on websites and enticing users to visit those sites.
One of the critical flaws was credited to HD Moore, the Metasploit Framework co-creator who is posting browser vulnerabilities throughout July on his blog; another was credited to TippingPoint's Zero Day Initiative, one of the two bounty-for-bugs program.
On Thursday, Mozilla updated its Thunderbird email client to 1.5.0.5 by fixing 12 flaws, only one of which was elevated to "critical" (10 were labeled as "moderate"); the independent SeaMonkey project, which took over development of what had been the Mozilla browsing suite, posted fixes to the SeaMonkey bundle as well. Version 1.0.3, which can be downloaded from here, patched 14 vulnerabilities, all but one shared with Firefox.
The next-generation Firefox, meanwhile, continues to evolve on a separate track. Firefox 2.0 - which released in Beta 1 two weeks ago - is to move to Beta 2 on Aug. 8 and ship in final form on Sept. 26, according to a Mozilla release calendar.
http://www.itnews.com.au/newsstory.aspx?CIaNID=35335&src=site-marq
-------------------- Republican Values: 1) You can't get married to your spouse who is the same sex as you. 2) You can't have an abortion no matter how much you don't want a child. 3) You can't have a certain plant in your possession or you'll get locked up with a rapist and a murderer. 4) We need a smaller, less-intrusive government.
|
kotik
fuckingsuperhero


Registered: 06/29/04
Posts: 3,531
Last seen: 4 years, 24 days
|
Re: Mozilla Patches 13 Firefox Security Flaws, Eight Critical [Re: Diploid]
#5906557 - 07/27/06 07:49 PM (17 years, 6 months ago) |
|
|
still more secure than IE in everyway...
-------------------- No statements made in any post or message by myself should be construed to mean that I am now, or have ever been, participating in or considering participation in any activities in violation of any local, state, or federal laws. All posts are works of fiction.
|
Vvellum
Stranger

Registered: 05/24/04
Posts: 10,920
|
Re: Mozilla Patches 13 Firefox Security Flaws, Eight Critical [Re: kotik]
#5908702 - 07/28/06 11:34 AM (17 years, 6 months ago) |
|
|
...and they were fixed quickly upon discovery, unlike IE whose flaws sit on the books for months, at least.
|
|