Firefox update fixes bug brace
Booby trap link bug defused
Posted in Security, 31st July 2007 11:17 GMT
Mozilla has pushed out a new version of Firefox that fixes a brace of security bugs, barely a fortnight after its last update.
Firefox version 2.0.0.6 addresses a critical vulnerability in which unescaped URIs (uniform resource identifiers) are passed to external programs. The serious security flaw, discovered by security researchers last week, created a means for hackers to install malware on a Windows PC simply by convincing potential marks to click on a doctored link.
The update also fixes a less serious privilege escalation vulnerability involving Firefox add-ons.
The release - available in Mac, Windows, and Linux flavours - will be automatically pushed out to users within the next two days. Mozilla's release notes can be found here.
Because of the same bugs, users of Thunderbird, Firefox's email client, and Mozilla's SeaMonkey suite also need to upgrade, to versions 2.0.0.6 and 1.1.4, respectively.
The update is the second from Mozilla in two weeks. Firefox version 2.0.0.5, the previous update, fixed a number of memory corruption and privilege escalation flaws, including a high-profile bug involving launching Firefox from Internet Explorer. ®