E-Commerce News: Security: Latest Firefox Version Plugs 7 Security Holes

Latest Firefox Version Plugs 7 Security Holes

By ECT News Staff
LinuxInsider
Part of the ECT News Network
09/18/06 8:57 AM PT

Mozilla's Firefox -- the browser that has succeeded in grabbing market share from Internet Explorer, largely based on its reputation for better security -- has experienced some bugs of its own. The Mozilla Foundation said it patched seven critical and non-critical flaws in the latest Firefox release.

Is Your Website Killing Customer Confidence?
Your Website's privacy policy can be a key factor in a customer's decision to do business with you, and it is vital to ensuring you don't run afoul of your online legal and regulatory responsibilities. Need more reasons? Read on.

The Mozilla Foundation patches seven security flaws with version 1.5.0.7 of its Firefox browser. Four of them, rated "critical," would allow attackers to install software on vulnerable computers.

The critical problems include a JavaScript error that could permit remote execution of code and a vulnerability that could permit RSA signature forging.

RSA certificates are used to authenticate secure Web sites and digitally signed e-mail messages.

"Critical" is the highest level on Mozilla's security scale. All Firefox users are urged to install the new version immediately.

Misplaced Trust

Among the non-critical flaws, there are two that relate to "sub-frames."

In one case, an attacker could use the pop-up blocker status bar to trick a user into believing that a blocked pop-up window came from a trusted site.

In another instance, a non-critical vulnerability could allow a user to be directed to a trusted site in a new window, where an attacker could use a sub-frame to steal entered data -- placing passwords or credit card information, for example, at risk.

Thunderbird Impacted Too

Firefox will download the latest update automatically by default. It is also available via the browser's auto-update feature or downloaded directly from the Firefox Web site.

Users of the Thunderbird e-mail application also are advised to install the Firefox update, since the two applications run on the same engine.

Next Article in Security

Grisoft Launches Beta of New AVG Internet Security Suite
September 12, 2006

Grisoft has added AVG Anti-Spyware and AVG Anti-Malware to the new suite, which integrates antivirus and anti-spyware features. The expanded product also provides improvements in data protection. Beta versions of AVG 7.5 products are designated for compatibility testing in a large number of different hardware and software configurations.

More by ECT News Staff

RIAA, YouTube, China: Plotting New and Creative Ways to Separate You From the Internet
March 28, 2009

RIAA finds an alternative to suing ... Warner muzzles YouTube audio ... China muzzles YouTube altogether ... gaming bucks recessionary trend ... OnLive promises console-free gaming ... Blockbuster teams up with TiVo, and more.

Merger Madness: Love Is in the Air
March 21, 2009

Cisco buys video cam maker ... IBM targets Sun for acquisition ... Facebook Connect makes its way onto the iPhone ... Hulu reveals its actual secret purpose ... Seattle P-I shuts down the presses ... EPIC aims to burst Google's cloud, and more.

YouTube vs. Royalties, Spy vs. Spy, Dell vs. a Firehose
March 14, 2009

YouTube, UK royalties agency get into it ... U.S. Cybersecurity czar takes a hike ... Dell rolls out rugged laptop ... Google tries out expanding advertisements ... sheriff sues Craigslist over prostitution ... Google's Schmidt denies interest in Twitter purchase, and more.

[Search More...]