Firefox & Safari Updated to Patch Vulnerabilities
Mozilla released version 22.214.171.124 of the Firefox web browser on April 16, 2008. The new version is to update the browser by patching security vulnerability that developers created when fixing some previous bug, said security researchers at Mozilla.
Apple too released a newer version of Safari to patch four security flaws affecting the browser under Mac OS X and Windows. The flawed browser allowed attackers to open specially crafted Websites on it to load trojans that could execute XSS (cross-site scripting) attacks or hoax the browser's address bar.
Of the four Safari flaws, only two affect Windows while the remaining two seemingly affect both Windows and Mac OS X. Under Windows, exploitation of the flaws could allow malicious file downloads that could cause the computer to crash or allow execution of injected code. Further, Websites could alter the name on the address bar and not load the intended site. Although the developers of Apple had already fixed the vulnerability in Safari Beta 3.0.2, it was reinstated only in version 3.1.
The Firefox flaw also influences the Seamonkey browser and the Thunderbird e-mail client. There is, however, no revised version for any of the two applications as yet. Firefox users need to fast install the latest version available via the automatic update mechanism. Likewise, Safari users too should load the new version 3.1.1, also available automatically via software update.
» SPAMfighter News - 22-04-2008