Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go
-->

Firefox & Safari Updated to Patch Vulnerabilities

Mozilla released version 2.0.0.14 of the Firefox web browser on April 16, 2008. The new version is to update the browser by patching security vulnerability that developers created when fixing some previous bug, said security researchers at Mozilla.

Apple too released a newer version of Safari to patch four security flaws affecting the browser under Mac OS X and Windows. The flawed browser allowed attackers to open specially crafted Websites on it to load trojans that could execute XSS (cross-site scripting) attacks or hoax the browser's address bar.

In its security advisory MFSA2008-20, Mozilla said that the vulnerabilities impact the JavaScript Garbage Collector. These apparently could cause the browser to crash following the alterations made to plug the holes revealed in the MFSA2008-15 security advisory. Consequently, it could allow injecting and running malicious code. No demonstration was, however, made of any exploit in the present case as it had been done previously with similar situations.

Of the four Safari flaws, only two affect Windows while the remaining two seemingly affect both Windows and Mac OS X. Under Windows, exploitation of the flaws could allow malicious file downloads that could cause the computer to crash or allow execution of injected code. Further, Websites could alter the name on the address bar and not load the intended site. Although the developers of Apple had already fixed the vulnerability in Safari Beta 3.0.2, it was reinstated only in version 3.1.

Under Mac OS X and Windows, Regular Expressions in JavaScript can result in a buffer overflow with which it becomes possible for execution of arbitrary code. Also, attackers could add changes to the address of a Website allowing XSS attacks. It seems the JavaScript vulnerability was exploited in the PWN-to-OWN competition to break into a MacBook Air.

The Firefox flaw also influences the Seamonkey browser and the Thunderbird e-mail client. There is, however, no revised version for any of the two applications as yet. Firefox users need to fast install the latest version available via the automatic update mechanism. Likewise, Safari users too should load the new version 3.1.1, also available automatically via software update.

Related article: Firefox Gets Vulnerable With JavaScript

ยป SPAMfighter News - 22-04-2008

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next