Firefox Issues Rash of Security Fixes
By Jennifer LeClaire / NewsFactor Network
While Microsoft scrambled to issue an out-of-cycle patch for Internet Explorer on Wednesday, Mozilla did some rushing of its own.

The Firefox developer has issued updates to address "critical vulnerabilities" in versions 2 and 3 of its open-source browser.

Firefox describes a critical vulnerability as one that can be used to run attacker code and install software without user interaction beyond normal browsing.

Security, Stability, Accessibility

Firefox 3.0.5 and Firefox are now available for Windows, Mac and Linux. Firefox 3.0.5 fixes eight security vulnerabilities, three of them critical. The critical fixes include XSS vulnerabilities in SessionStore, XSS and JavaScript privilege escalation, and crashes with evidence of memory corruption.

The Firefox 3.0.5 update also fixes several stability issues and issues found in accessibility implementation, adds the ability to send OS-specific system notes in the crash reporter, and replaces the End-User License Agreement with a new "Know Your Rights" info bar on the initial installation. With Firefox 3.0.5, the browser becomes available in Bengali, Esperanto, Galician, Hindi and Latvian.

Discontinuing Firefox 2 Support

"Mozilla is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible. It's free, and your settings and bookmarks will be preserved," the Firefox advisory said.

Firefox fixes 10 bugs in the browser, four of which are critical. The critical patches fix XSS vulnerabilities in the SessionStore, XSS and JavaScript privilege escalation, additional XSS attack vectors in feed preview, and crashes with evidence of memory corruption.

"Also, the Phishing Protection service will no longer be available for Firefox 2 users," Firefox said. "Firefox 3 offers a free Phishing and Malware Protection service, which will continue to protect you from online scams and attacks."

Browser Insecurities

These highly critical vulnerabilities found in Firefox show that no browser is immune to programming flaws, according to Wolfgang Kandek, CTO of Qualys.

"A program as powerful and complex as Firefox -- or for that matter, Internet Explorer -- has a high chance to contain vulnerabilities in its myriads of features," Kandek said. "In this case one of the vulnerabilities abuses the Firefox 'SessionStore' API, which is a comfort feature of Firefox, and unnecessary for normal Internet browsing."

As Kandek sees it, a smaller, leaner browser will most likely be able to maintain a better security record than its over-featured competitors. That assumption leaves the door open for a browser like Google's Chrome.

"It will be interesting to see how Google's Chrome browser fares in comparison to both Firefox and Internet Explorer," Kandek said. "On the positive side, Firefox's integrated upgrade mechanism provides users a quicker update cycle than Microsoft's OS-based update program and assures that Firefox users are always using the latest and safest version of the software."

© Copyright 2016 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.