iTWire - Critical security fixes arrive for Firefox 2 and 3

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

Critical security fixes arrive for Firefox 2 and 3

E-mail

by Stephen Withers
Thursday, 17 July 2008
Page 1 of 2 New updates to Firefox 2 and 3 include security patches for critical flaws that could expose users to remote code execution. The Firefox 3 update also includes bug fixes for stability and other issues. Featured Whitepaper 5 Best Practices for Smartphone Support Firefox 2.0.0.16 addresses two critical issues. The first could lead to remote code execution by causing a variable to overflow by creating a very large number of references to a CSS object. This flaw was reported to Mozilla by TippingPoint's Zero Day Initiative, which pays security researchers for new vulnerabilities and then reveals the details to the vendor concerned under self-imposed 'responsible disclosure' guidelines. The other issue provides a way of partially bypassing a previous Firefox patch. Passing a command line URI containing "\|" symbols caused Firefox to open multiple tabs, which could be used to launch chrome: URIs from the command line. This is undesirable as chrome is not supposed to be opened by applications for security reasons. Another Internet-connected application could use this technique to cause Firefox to open files stored in known or guessable locations, for instance files that had been downloaded by a Safari 'carpet bombing' attack. These attacks can only work if Firefox is not already running. Firefox 3 flaws fixed by the 3.0.1 update cover the pair described above, plus a Mac OS X-specific issue whereby rendering a maliciously crafted GIF file causes a crash and potential arbitrary code execution. More foxy fixes on page 2! << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.