Careers & Certifications

06:06 PM
Connect Directly
RSS
E-Mail
50%
50%

Mozilla Patches 13 Firefox Flaws

Mozilla rolls out a Firefox security update that patches 13 vulnerabilities, 8 of them judged "critical." The overall update has been tagged as "highly critical."

Mozilla Corp. late Wednesday began rolling out a Firefox security update that patched 13 vulnerabilities, 8 of them judged "critical" by the Mountain View, Calif. open-source developer.

The update, which brings Firefox to 1.5.0.5, automatically downloads to existing copies of Firefox 1.5.x, but can also be retrieved in its entirety from the Mozilla Web site in versions for Windows, Linux, Mac OS X in 37 localized editions.

All 8 of the bugs tagged "critical" by Mozilla involve vulnerabilities and/or errors in JavaScript, the scripting language heavily used by the browser. JavaScript, like the ActiveX controls in the rival browser Internet Explorer, is the dominant source of Firefox flaws.

Danish vulnerability tracker Secunia tagged the overall update as "highly critical," the second-from-the-top threat ranking. "[These] multiple vulnerabilities can be exploited to conduct cross-site scripting attacks or compromise a user's system," Secunia's online research note read.

A majority of the bugs will allow an attacker to introduce his own code to a vulnerable system; several of them can be exploited by posting malicious code or content on Web sites and enticing users to visit those sites.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Cartoon
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed