Web Security News

Firefox patches multiple vulnerabilities

Friday, March 6, 2009

Mozilla issued a new update to its browser this week to patch multiple security issues that could have potentially allowed a cybercriminal to launch arbitrary code on a user's computer as well as a denial-of-service attack.

Firefox 3.0.7 addresses three issues that were rated critical, one that was rated high and another rated low on the company's scale. All the issues patched by the company affected Firefox, Thunderbird and SeaMonkey products.

The vulnerabilities, if left unpatched, could have allowed cybercriminals access to a user's personal data on a machine, which could lead to identity theft. Also, according to Mozilla, hackers could have spoofed the location bar in the browser.

Mozilla said the browser's issues involved several stability bugs and that some of the program crashes witnessed by the company's security officials showed evidence of memory corruption.

These vulnerabilities are similar to another browser's recent security patch. The Opera browser fixed an "extremely severe" issue where specially-crafted JPEG images could have caused the browser to corrupt memory and crash, leaving it open to arbitrary code execution.ADNFCR-1765-ID-19061577-ADNFCR

Related News:

Network security concerns prompt postponement of Google phones in China - 1.20.2010
The Wall Street Journal reports that Google has decided to indefinitely postpone the launch of two of its Android smartphones to the Chinese market, which pundits have taken as further proof of the growing rift between the search giant and the Chinese government.

Cloud network security concerns prompt Microsoft to propose new laws - 1.20.2010
Microsoft's general counsel, Brad Smith, told an audience at the Brookings Institution today that the government should step in to regulate the emerging cloud computing industry and help protect businesses and consumers from fraud and abuse.

Network security experts unmask command servers behind Google attack - 1.19.2010
Researchers at VeriSign's iDefense lab have published a report claiming that the Chinese government was responsible for the recent large-scale cyber attacks that targeted Google and other U.S. companies.

Out-of-band IE patch to fix widespread vulnerability - 1.19.2010
Microsoft will issue a patch to its Internet Explorer browser software before its next scheduled update, intended to fix the flaw that enabled hackers to launch a damaging cyber attack on numerous U.S. companies.

France and Germany warn citizens to avoid using Internet Explorer - 1.18.2010
The governments of both France and Germany have issued official warnings to their citizenry, saying that, until Microsoft releases a patch for the widely-used Internet Explorer web browser, it is a threat to network security and should not be used.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now