Firefox under fire from multiple security bugs
21 reasons to update Mozilla software
Posted in Security, 18th April 2006 10:05 GMT
Free whitepaper – Server-gated cryptography
The Mozilla Foundation has warned of a slew of critical vulnerabilities to its popular Firefox web browser and related products. The most serious of the flaws create a means for hackers to inject malware onto vulnerable systems. Other flaws would make it easier to construct phishing attacks or swipe sensitive information from PCs running Firefox.
Mozilla products fail to properly enforce security restrictions in JavaScript and are subject to memory corruption via maliciously constructed HTML tags. There's also problems with how the products handle Cascading Style Sheets which leave open security holes that might allow the execution of arbitrary code on a vulnerable system. US CERT has produced a useful overview of the vulnerabilities, the most extensive ever to affect Mozilla products, here. Secunia documents the 21 vulns here.
Users are advised to upgrade to Mozilla Firefox 1.5.0.2, Mozilla Thunderbird 1.5.0.2, or SeaMonkey 1.0.1 to guard against attack. A security update to the Thunderbird email client (version 1.5.0.2) is due to be released on Tuesday. ®


Hosted security IT manager's guide
Securing your Apache web server with a Thawte digital certificate
Vulnerability management buyer's checklist
Email continuity
Google cloud told to encrypt itself
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive