Mozilla patches Firefox, but leaves some flaws unfixed
Although 14 vulnerabilities were fixed, several more remain
Computerworld - Mozilla Corp. updated Firefox Friday to patch 14 vulnerabilities, three of them critical, but pushed out the new versions without fixing several flaws.
Firefox 18.104.22.168 and Firefox 22.214.171.124, which originally were to release on Wednesday, were delayed to patch a series of bugs, including some disclosed this month by Polish researcher Michal Zelewski. Two others forwarded to Mozilla developers by Zelewski, however, didn't make it into today's updates.
"Neither of those will make this release," said Daniel Veditz, of the Mozilla security in an e-mail. "It is important that we get the security fixes we have into the hands of our users."
Of the bugs filed by Zelewski but not fixed in the updates, the most serious is a memory corruption flaw that could let attackers inject code remotely into Firefox-equipped machines simply by duping users into visiting a malicious Web page. "Firefox is susceptible to a seemingly pretty nasty, and apparently easily exploitable, memory corruption vulnerability," wrote Zelewski in the Bugzilla database.
Also unrepaired in the latest browser versions is a third Zelewski-discovered bug that could give cybercriminals a leg up when running phishing attacks.
Mozilla spelled out the security fixes in Firefox 126.96.36.199 and 188.8.131.52 here.
Firefox 184.108.40.206 is nearly at the end of its supported lifespan. After April 24, Mozilla will stop issuing security and stability updates to that edition.
Firefox 220.127.116.11 can be downloaded from the Mozilla Web site in versions for Windows, Mac OS X and Linux in 36 languages. Users can also update current editions with the Check for Updates command in the Help menu.
Read more about Security in Computerworld's Security Topic Center.
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!