Firefox’s Flaws Patched, Thunderbird Remains Vulnerable

Mozilla Corp., which patched its Firefox browser's security flaws on March 4, 2009, described six of them as "critical", one as "high" and the last one as "low" in the company's four-stage ranking arrangement.

In a warning through its security statements/advisories, Mozilla said that the vulnerability, which is the most severe among the 6 flaws for the latest editions of Windows, Linux and Mac operating software, enables hackers to execute arbitrary code on a compromised system. The advisories were issued on March 4, 2009.

Moreover, the 8 'critical' security vulnerabilities impacts Firefox's garbage collection - that monitors the way Firefox applications utilize the memory of the computer- along with the browser's Portable Network Graphics (PNG) libraries. Mozilla stated that the PNG library bug could be triggered by any corrupt image such as one infected with a Trojan or malware on an Internet page. This leads to the execution of malicious codes.

Furthermore, other flaws that Mozilla patched could allow hackers to spoof URLs and to trick users to access a phishing site where their private information could be stolen.

Meanwhile, Mozilla Messaging Inc.'s e-mail client Thunderbird (like Microsoft's Outlook) remains un-patched in spite of the fact that above mentioned six flaws affecting it. Thus, Thunderbird continues to be susceptible to hackers' attacks.

Security specialists suggest that till an update for Thunderbird is ready, users could lessen the danger using PNG images by loading images only from reliable e-mails. They are also advised to avoid clicking on just any image they come across to prevent the execution of malicious code or download of malware. The remaining flaws could be also evaded with JavaScript turned off since JavaScript could also allow execution of arbitrary codes.

In the meantime, Firefox released its update after one day since Opera released the latest edition of its browser software, mainly to address the different security holes discovered. Thus, the week turned out to be busy in terms of securing of browsers. Firefox was quick to fix its flaws to avoid getting into competition with rival, Opera.

Related article: Firefox Gets Vulnerable With JavaScript

» SPAMfighter News - 3/21/2009