Browser bugs sprout eternal

Fresh vulns for Firefox and IE


Mozilla has patched a vulnerability in its popular Firefox web browser that could allow hackers to snaffle information from the PCs of surfers. The JavaScript-related security bug, which affected versions 1.0.1 and 1.0.2 of Firefox, created a means for hackers to seize potentially sensitive information in memory.

Exploitation of the flaw, discovered by Russian bug hunter Azafran, would be far from trivial. Nonetheless, security firm Secunia describes the heap buffer overflow bug as "moderately critical". It has put together a test allowing users to check whether they are exposed to the problem. Secunia advised users to disable JavaScript support as a precaution. According to a posting on Bugzilla, Mozilla has fixed the flaw. Security-conscious surfers are advised to download this update.

A potentially far more serious unpatched security vulnerability affects unspecified versions of Microsoft’s Internet Explorer and Outlook software. The vulnerability "allows malicious code to be executed with minimal user interaction", warns security outfit eEye, which recently reported the bug to Microsoft.

A spokeswoman for Microsoft said it was investigating eEye's report.

"At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through a service pack, our monthly release process or an out-of-cycle security update, depending on customer needs," she said. ®
