Mozilla patches 13 Firefox security bugs
Re-patches March bug fix, updates to Firefox 3.6.13
Computerworld - Mozilla on Thursday patched 13 vulnerabilities in Firefox, including a re-patch for a bug that was thought quashed in March 2010.
Eleven of the 13 were rated "critical," the threat level representing bugs that hackers could conceivably use to hijack a system or infect it with malware. Of the two remaining vulnerabilities, one was labeled "high" and the second was tagged as "moderate."
The patched versions were designated Firefox 3.6.13 and Firefox 3.5.16 by Mozilla, which continues to provide security updates for Firefox 3.5.
In the past, Mozilla has supported older versions of browsers for approximately six months after the release of the next version; if it had followed that practice with Firefox 3.5, Mozilla would have retired the browser in July 2010, six months after the debut of Firefox 3.6.
One of the 13 patches is a second crack at a flaw in Firefox exposed by Firebug, the popular Web development and debugger add-on.
First patched in March -- when Mozilla said it did not affect Firefox 3.6 -- Thursday's repeat was necessary because the researcher who originally reported the flaw found that that fix could be sidestepped.
The new patch applies to both Firefox 3.5 and 3.6, said Mozilla.
Other patches addressed browser engine memory bugs, buffer and integer overflows, and a location bar SSL spoofing flaw. The update also fixed nearly 70 non-security flaws, including several stability bugs that Mozilla tracked through user-submitted crash reports.
Like Google when it patches Chrome, Mozilla temporarily bars public access to technical details of the critical vulnerabilities it patches until most users have been notified of the update. The company's Bugzilla change and bug-filing database, for example, lets anyone see the listings for the two non-critical vulnerabilities in yesterday's update, but blocks access to the 11 critical flaws.
The next major upgrade, Firefox 4, was to reach Beta 8 on Nov. 30 -- later pushed back to Dec. 9 -- but has been delayed again, according to notes on Mozilla's site. It now won't appear before Dec. 16. In October Mozilla acknowledged that it could not keep to its original development schedule, and announced Firefox 4 would not launch until early 2011.
Firefox has been steadily losing usage share as measured by Web metrics company Net Applications. Last month, the browser's global share slipped to 22.8%, its lowest mark since August 2009.
Users can update to Firefox 3.6.13 by downloading the new edition or by selecting "Check for Updates" from the Help menu in the browser. Firefox 3.5 users can obtain version 3.5.16 with the update tool.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His e-mail address is firstname.lastname@example.org.