Feeds

Mozilla hastily shoves Firefox updates out door

Versions 2 and 3 get even patchier

Choosing a cloud hosting partner with confidence

Mozilla has rushed out updates to plug a few critical holes in versions 2 and 3 of its popular open source Firefox browser.

Firefox 3.0.5 fixes three critical security flaws in the browser, while 2.0.0.19 stitches four critical vulns.

Mozilla said that XSS vulnerabilities in SessionStore, XSS and so-called JavaScript “privilege escalation” and crashes that could cause memory corruption have been repaired in Firefox 3.0.5.

The bugs in the browser could have been “used to run attacker code and install software, requiring no user interaction beyond normal browsing,” said Mozilla.

It also once again urged users to upgrade from Firefox 2.0 because version 2.0.0.19 is the final release of updates for the browser.

The company “is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible”.

It added that Mozilla’s “Phishing Protection” service would no longer be available in Firefox 2. In other words, it won’t be supporting the browser against future online scams and attacks.

Mozilla’s security updates today follow on from Microsoft having to push out an emergency security patch for Internet Explorer on Wednesday, addressing a critical security hole currently being exploited in the wild.

The latest zero-day vulnerability stems from data binding bugs that allows hackers access to a computer's memory space, allowing attackers to remotely execute malicious code as IE crashes, said a red-faced Microsoft yesterday. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.