Mozilla patches Firefox, but leaves some flaws unfixed
Although 14 vulnerabilities were fixed, several more remain
Computerworld - Mozilla Corp. updated Firefox Friday to patch 14 vulnerabilities, three of them critical, but pushed out the new versions without fixing several flaws.
Firefox 22.214.171.124 and Firefox 126.96.36.199, which were originally to be released on Wednesday, were delayed to patch a series of bugs, including some disclosed this month by Polish researcher Michal Zalewski. Two others forwarded to Mozilla developers by Zalewski, however, didn't make it into today's updates.
"Neither of those will make this release," said Daniel Veditz, of Mozilla security, in an e-mail. "It is important that we get the security fixes we have into the hands of our users."
Of the bugs filed by Zalewski but not fixed in the updates, the most serious is a memory corruption flaw that could let attackers inject code remotely into Firefox-equipped machines simply by duping users into visiting a malicious Web page. "Firefox is susceptible to a seemingly pretty nasty, and apparently easily exploitable, memory corruption vulnerability," wrote Zalewski in the Bugzilla database.
Also unrepaired in the latest browser versions is a third Zalewski-discovered bug that could give cybercriminals a leg up when running phishing attacks.
Mozilla spelled out the security fixes in Firefox 188.8.131.52 and 184.108.40.206 here.
Firefox 220.127.116.11 is nearly at the end of its supported lifespan. After April 24, Mozilla will stop issuing security and stability updates to that edition.
Firefox 18.104.22.168 can be downloaded from the Mozilla Web site in versions for Windows, Mac OS X and Linux in 36 languages. Users can also update current editions with the Check for Updates command in the Help menu.