resource center
  See your link here
|
IDG News Service -
The Mozilla Foundation has patched two "extremely critical" security holes in its Firefox browser by releasing an updated version of the browser. Firefox 1.0.4 was posted to the Mozilla.org Web site late yesterday.
When used in tandem, the two bugs could be used by an attacker to take control of a Firefox user's system by exploiting the way Firefox handles software installations from certain trusted Web sites. Firefox automatically allows software to be installed from update.mozilla.org and addons.mozilla.org, but users who want to add software from other Web sites can add to this trusted list.
Earlier this week, The Mozilla Foundation made changes to Mozilla.org, which protected most users. But Web surfers who had added other Web sites to their trusted list were still vulnerable, said Chris Hofmann director of engineering with The Mozilla Foundation.
Danish security firm Secunia rated the exploit as "extremely critical," marking the first time a flaw in the open-source browser had received Secunia's most serious security rating (see story).
Firefox has gained market share against Microsoft Corp.'s Internet Explorer over the past year, in part because it has been considered less vulnerable to attacks. Since the release of Firefox 1.0 last November, however, a number of vulnerabilities have been discovered in the browser.
The Mozilla Foundation reports nearly 54 million Firefox downloads since the 1.0 release. Firefox has 6.8% of the browser market, according to WebSideStory Inc. But Internet Explorer is still used by nearly 89% of Web surfers, according to the research firm.
The 1.0.4 update also fixes two other minor security bugs as well as the way Firefox handles dynamic HTML (DHTML), said Hofmann. The DHTML bug caused "uncaught exception" errors to pop up on some Web pages in the 1.0.3 version of the browser.
More information on the new Firefox release can be found at http://www.mozilla.org/products/firefox/releases/1.0.4.html.
IDG.net
The State of PCI DSS Compliance at Organizations Today
Download this resource today!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Can Heuristic Technology Help Your Company Fight Viruses?
What is Heuristic Technology and how can it help safeguard your business against viruses? Learn more.
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Why Email Must Operate 24/7 and How to Make This Happen
Learn how to avoid an email outage by implementing a hosted email continuity solution.
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Eradicate Spam & Gain 100% Asurance of Clean Mailboxes
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
