Mozilla patches 11 bugs in Firefox
Also modifies license to correct 'giant mistake' with EULA
"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," said Mozilla in the accompanying advisory.
Mozilla also updated the older Firefox to 18.104.22.168, patching all but one of the bugs fixed in 3.0.2, but also addressing several issues specific to the aging browser.
It's unclear how many more updates Mozilla will release for Firefox 2.0 -- it doesn't produce them on a set schedule -- because it has already announced it will drop the browser this December. Yesterday, Mozilla continued to urge users to upgrade to Firefox 3.0.
One of the bugs in both Firefox 2.0 and 3.0, although rated only low, was described by Mozilla as a variant of a "click-hijacking" vulnerability first reported in Microsoft Corp.'s Internet Explorer by Liu Die Yu, a researcher noted for finding flaws in IE. Microsoft first patched the bug in 2003, then patched it again the following year.
A Mozilla developer, Paul Nickerson, was credited with uncovering the Firefox variant, which could be used to force a user to download a file.
Mozilla also addressed several other issues in Firefox with 3.0.2, including several stability problems and a bug that caused browsers with customized toolbars to delete the back and forward buttons.
Because the update was delayed to take into account some last-minute fixes, Mozilla also modified the licensing language in Linux versions to eliminate an end-user licensing agreement (EULA) that open-source advocates and users had objected to. Last week, Mitchell Baker, chairman of the Mozilla Foundation and Mozilla Corp., admitted that prompting Linux users to accept the EULA had been a "giant mistake."
Users can download the update for Windows, Mac OS X and Linux from the Mozilla site, call up their browser's built-in updater or wait for the automatic update notification, which typically appears within 24 to 48 hours.
Read more about Networking in Computerworld's Networking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- The Critical Role of Support in Your Enterprise Mobility Management Strategy Most business leaders underestimate the importance of tech support when they choose an EMM solution. Here's what to put on your checklist.
- Separating Work and Personal at the Platform Level: How BlackBerry Balance Works BlackBerry® Balance™ separates work from personal on the same mobile device, right at a platform level. Find out how it can work for...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of... All Networking White Papers | Webcasts