Firefox update fixes critical bug brace
Just off the production line
Posted in Applications, 24th September 2008 09:29 GMT
Mozilla published a new version of its Firefox web browser on Tuesday that fixes five security vulnerabilities, two of which it rates as critical.
Firefox version 3.0.2 fixes a memory corruption bug and a separate critical bug involving privilege escalation and the XPCNativeWrapper component of the browser. Both create possible mechanisms for hackers to inject hostile code into vulnerable systems using rigged websites, or perform similar tricks.
The same two critical bugs are fixed in Firefox 2.0.0.17, for those still using the earlier version of the browser. There's no evidence that either critical flaw has been exploited by hackers, but prudence would steer towards early patching. Judging from past experience, automatic updates from Mozilla will appear in about a day or so.
The updates also fix three lesser flaws - two of which are rated as moderate and one of which earns a low risk rating.
All five flaws are explained in Mozilla's release notes here and there's additional commentary from the good folk of the Internet Storm Centre here. ®

