Feeds

Mozilla patches faulty patch

Cure worse than disease

Choosing a cloud hosting partner with confidence

The Mozilla Foundation has patched a faulty patch that was itself subject to a security vulnerability.

A security update for Firefox and the SeaMonkey application suite issued in mid-December left users open to a JavaScript-related privilege escalation flaw that meant hackers could commandeer vulnerable machines, Mozilla warned on Monday.

The security bug affecting Firefox 1.5.0.9 and 2.0.0.1 as well as SeaMonkey 1.0.7 meant code designed to fix earlier flaws introduced a critical vulnerability. This vulnerability, which allowed scripts from web content to execute arbitrary code, was arguably worse than the bugs it tried to resolve because simply disabling JavaScript does not protect against the flaw.

The December security update also covered the Thunderbird email client, but it wasn't affected because it doesn't execute JavaScript URIs in IMG tags, the specific mechanism behind the bug.

Mozilla urges users to upgrade to versions 1.5.0.10 or 2.0.0.2 of Firefox and versions version 1.1.1 or 1.0.8 of SeaMonkey. Many users will already be running these versions of the software, which were issued last week as a result of separate security problems.

The need to patch faulty security updates is a problem that periodically affects updates from Redmond, though it's something of a first for the Mozilla Foundation. ®

Beginner's guide to SSL certificates

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.