Firefox update fixes critical bug brace
Just off the production line
Posted in Applications, 24th September 2008 09:29 GMT
Mozilla published a new version of its Firefox web browser on Tuesday that fixes five security vulnerabilities, two of which it rates as critical.
Firefox version 3.0.2 fixes a memory corruption bug and a separate critical bug involving privilege escalation and the XPCNativeWrapper component of the browser. Both create possible mechanisms for hackers to inject hostile code into vulnerable systems using rigged websites, or perform similar tricks.
The same two critical bugs are fixed in Firefox 2.0.0.17, for those still using the earlier version of the browser. There's no evidence that either critical flaw has been exploited by hackers, but prudence would steer towards early patching. Judging from past experience, automatic updates from Mozilla will appear in about a day or so.
The updates also fix three lesser flaws - two of which are rated as moderate and one of which earns a low risk rating.
All five flaws are explained in Mozilla's release notes here and there's additional commentary from the good folk of the Internet Storm Centre here. ®