Firefox & Safari Updated to Patch Vulnerabilities

Mozilla released version 2.0.0.14 of the Firefox web browser on April 16, 2008. The new version patches a security vulnerability that developers introduced when fixing a previous bug, said security researchers at Mozilla. Apple also released a newer version of Safari to patch four security flaws affecting the browser under Mac OS X and Windows. The flawed browser allowed attackers to use specially crafted websites opened in it to load trojans that could execute XSS (cross-site scripting) attacks or spoof the browser's address bar.

In its security advisory MFSA2008-20, Mozilla said that the vulnerabilities impact the JavaScript Garbage Collector. These apparently could cause the browser to crash following the alterations made to plug the holes revealed in the MFSA2008-15 security advisory. Consequently, they could allow malicious code to be injected and run. However, no exploit has been demonstrated in the present case, as had been done previously in similar situations.

Of the four Safari flaws, only two affect Windows, while the remaining two seemingly affect both Windows and Mac OS X. Under Windows, exploitation of the flaws could allow malicious file downloads that could cause the computer to crash or allow execution of injected code. Further, websites could alter the name in the address bar and not load the intended site. Although Apple's developers had already fixed the vulnerability in Safari Beta 3.0.2, it was reinstated in version 3.1.

Under Mac OS X and Windows, regular expressions in JavaScript can result in a buffer overflow that makes execution of arbitrary code possible. Also, attackers could alter the address of a website, allowing XSS attacks. It seems the JavaScript vulnerability was exploited in the PWN-to-OWN competition to break into a MacBook Air.

The Firefox flaw also affects the Seamonkey browser and the Thunderbird e-mail client. There is, however, no revised version of either application as yet. Firefox users should promptly install the latest version, available via the automatic update mechanism. Likewise, Safari users should install the new version 3.1.1, also available automatically via software update.

Related article: Firefox Gets Vulnerable With JavaScript

» SPAMfighter News - 4/22/2008