Mozilla patches 11 Firefox bugs, six critical
Plugs SSL hole reported by Microsoft researchers
Computerworld - Mozilla on Thursday patched 11 vulnerabilities in Firefox, more than half of them labeled "critical."
The update was the first since late April, when Mozilla rushed out a refresh to plug a hole that the company's developers has inadvertently introduced in the Windows version of the browser, and came just days after the launching of a "tweener" build of the upcoming Firefox 3.5.
Of the 11 flaws fixed in Firefox 3.0.11, six were rated critical, one "high," two "moderate" and two "low" in Mozilla's four-step system.
The SSL tampering vulnerability was reported to Mozilla by three researchers working for browser rival Microsoft, and a fourth at Purdue University. The four -- Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang -- co-wrote a paper titled "Pretty-Bad-Proxy: An Overlooked Adversary in Browsers' HTTPS Deployments," that they published May 1 (download PDF). Mozilla ranked the vulnerability as "high."
Thursday's update was the fifth this year for Firefox 3.x, but not the first for Mozilla's browsers this week.
On Monday, Mozilla rolled out Firefox 3.5 Preview, a build the company said is a near-finished version of the official Release Candidate, or RC. Although new-found bugs had delayed the RC's release yet again, Mozilla wanted to get something in testers' hands, and so took the unusual step of delivering the Preview.
At this point, Mozilla has not set a scheduled for posting Firefox 3.5 RC, once slated to appear the first week of June. In notes on a status meeting the company held Wednesday, Mozilla simply noted that it would release the RC "you know, when it's ready."
Firefox 3.5 Preview is being offered only to users who have already installed Beta 4 of the browser upgrade.
Firefox 3.0.11 can be downloaded for Windows, Mac OS X and Linux, but current users can also call up their browser's built-in updater or wait for the automatic update notification, which should pop up in the next 48 hours.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts