
Firefox 2.0.0.13 Update Patches Critical Vulnerabilities

Mozilla recently released the Firefox 2.0.0.13 update to fix security vulnerabilities in the software. The new release patches several critical loopholes that could be misused by hackers to insert malicious code and fake content, as reported by Heise on March 26, 2008.

According to security researchers at Mozilla, the fixes in the new release include one for a vulnerability that could allow hackers to misuse the URL: a user could be directed to a malicious site while the URL of the Website seems genuine.

The browser's JavaScript engine contains multiple vulnerabilities. They allow attackers to execute external code in the browser and to carry out cross-site scripting (MFSA-2008-15, MFSA-2008-14). The security advisory MFSA-2008-18 describes a vulnerability that permits Java applets to access ports on the local computer.

According to Mozilla's security advisory, Sun patched a new bug in its new Java Runtime edition. In response, Mozilla programmers also added countermeasures in their new edition. The security loophole permits attackers to use Web pages to create a borderless pop-up from a hidden tab and place it over the user's active tab. It is an ideal way to spoof form elements and pilfer important data such as login data.

Mozilla's security researchers also disclosed that attackers could get around the protection other Websites use against CSRF (Cross-Site Request Forgery). The condition is that the server-side guard is based on referrer checking, because it is possible to counterfeit the HTTP (Hypertext Transfer Protocol) referrer (MFSA-2008-16). Moreover, the Mozilla browser could disclose personal information if users have personal certificates: by default, such a certificate is presented during Secure Sockets Layer (SSL) client verification.

According to security advisory MFSA-2008-17, after the update the browser asks the user before revealing client certificates at the request of a Website. Many of the security flaws also affect the Thunderbird mail client and the Seamonkey browser suite.

Seamonkey 1.1.9 and Thunderbird 2.0.0.13 are the versions named in the security advisories in which the bugs should be fixed. However, these editions aren't distributed automatically. Firefox users need to install the update, as the vulnerabilities could be exploited for injecting Trojans.
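The point above about CSRF guards that rely on referrer checking (MFSA-2008-16), as an added example that is not part of the original article or of Mozilla's advisory: a server-side check that trusts the Referer header, next to a check that requires a session-bound token. The host name, secret, session id and both requests are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed values for illustration; none of them come from the advisory.
SITE_HOST = "bank.example"
SERVER_SECRET = b"constructed-demo-secret"

def referer_guard(headers: dict) -> bool:
    """Weak guard: accepts any request whose client-supplied Referer names our host."""
    host = urlsplit(headers.get("Referer", "")).hostname
    return host == SITE_HOST

def issue_token(session_id: str) -> str:
    """Derive the anti-CSRF token the server embeds in forms it serves to this session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def token_guard(session_id: str, form: dict) -> bool:
    """Stronger guard: the form must carry the token bound to this session."""
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted, issue_token(session_id))

def evaluate(request: dict) -> dict:
    """Run both guards on one request and report which of them would accept it."""
    return {
        "referer_guard": referer_guard(request["headers"]),
        "token_guard": token_guard(request["session_id"], request["form"]),
    }

# Constructed request 1: a genuine form post from the site's own page.
LEGITIMATE = {
    "session_id": "sess-1234",
    "headers": {"Referer": "https://bank.example/transfer"},
    "form": {"amount": "10", "csrf_token": issue_token("sess-1234")},
}

# Constructed request 2: a cross-site post whose Referer has been counterfeited,
# the condition the advisory describes. The sending page cannot read the token.
FORGED_REFERER = {
    "session_id": "sess-1234",
    "headers": {"Referer": "https://bank.example/transfer"},
    "form": {"amount": "9999"},
}

if __name__ == "__main__":
    for name, req in (("legitimate", LEGITIMATE), ("forged referer", FORGED_REFERER)):
        print(name, evaluate(req))
```

The Referer-only guard accepts both requests, while the token guard rejects the second one, so a site with the token check does not depend on the browser reporting the referrer honestly.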

Related article: Firefox Gets Vulnerable With JavaScript

» SPAMfighter News - 4/7/2008
