Headline FeedsThe Mozilla Foundation patches seven security flaws with version 1.5.0.7 of its Firefox browser. Four of them, rated "critical," would allow attackers to install software on vulnerable computers.
Latest Firefox Version Plugs 7 Security Holes
Mozilla's Firefox -- the browser that has succeeded in grabbing market share from Internet Explorer, largely based on its reputation for better security -- has experienced some bugs of its own. The Mozilla Foundation said it patched seven critical and non-critical flaws in the latest Firefox release.
Increase Customer Sales with VerticalResponse Email Marketing! Quickly and easily send email newsletters, coupons & sales announcements to your customers – no technical expertise needed. Sign up for your Free Trial today and send 100 emails on us!
The critical problems include a JavaScript error that could permit remote execution of code and a vulnerability that could permit RSA signature forging.
RSA certificates are used to authenticate secure Web sites and digitally signed e-mail 
messages.
"Critical" is the highest level on Mozilla's security scale. All Firefox users are urged to install the new version immediately.
Misplaced Trust
Among the non-critical flaws, there are two that relate to "sub-frames."
In one case, an attacker could use the pop-up blocker status bar to trick a user into believing that a blocked pop-up window came from a trusted site.
In another instance, a non-critical vulnerability could allow a user to be directed to a trusted site in a new window, where an attacker could use a sub-frame to steal entered data -- placing passwords or credit card information, for example, at risk.
Thunderbird Impacted Too
Firefox will download the latest update automatically by default. It is also available via the browser's auto-update feature or downloaded directly from the Firefox Web site.
Users of the Thunderbird e-mail application also are advised to install the Firefox update, since the two applications run on the same engine.
Print Version
E-Mail Article
Reprints
More by ECT News Staff
Talkback: Next Article in Security
|
Readiness for Cyberterrorism Questioned September 16, 2006 
"Throwing up a firewall does nothing if it doesn't have adequate rules and no one is responsible for managing the technology," noted Michael Sutton, a security evangelist for SPI Dynamics. "Likewise, putting a policy in an employee manual is a waste of time if you don't also educate employees and apply controls to ensure that the rules are adhered to."
|
Related Stories
|
Microsoft Extends Olive Branch to Mozilla Developers August 22, 2006 
Sam Ramji, an executive with Microsoft's Open Source Software Lab, posted an invitation to Mozilla developers Saturday to accept one-on-one support from his firm. The invitation is seen as an effort by the software giant to foster the development of open source applications that would be compatible with the Windows Vista operating system.
|
Google, Mozilla, RealNetworks Seal Software Bundling Deal August 03, 2006 
Google, RealNetworks and Mozilla have agreed to extend a deal that bundles the Google Toolbar and Mozilla's Firefox Web browser with RealNetworks applications. Users have the option to download the Google and Firefox features via RealPlayer, RealArcade games and the Rhapsody music service.
|
Related News Alerts
More by ECT News Staff
|
RIAA, YouTube, China: Plotting New and Creative Ways to Separate You From the Internet March 28, 2009 
RIAA finds an alternative to suing ... Warner muzzles YouTube audio ... China muzzles YouTube altogether ... gaming bucks recessionary trend ... OnLive promises console-free gaming ... Blockbuster teams up with TiVo, and more.
|
Merger Madness: Love Is in the Air March 21, 2009 
Cisco buys video cam maker ... IBM targets Sun for acquisition ... Facebook Connect makes its way onto the iPhone ... Hulu reveals its actual secret purpose ... Seattle P-I shuts down the presses ... EPIC aims to burst Google's cloud, and more.
|
YouTube vs. Royalties, Spy vs. Spy, Dell vs. a Firehose March 14, 2009 
YouTube, UK royalties agency get into it ... U.S. Cybersecurity czar takes a hike ... Dell rolls out rugged laptop ... Google tries out expanding advertisements ... sheriff sues Craigslist over prostitution ... Google's Schmidt denies interest in Twitter purchase, and more.
|
