Firefox Issues Rash of Security Fixes
By Jennifer LeClaire / NewsFactor Network
PUBLISHED: DECEMBER 17, 2008

While Microsoft scrambled to issue an out-of-cycle patch for Internet Explorer on Wednesday, Mozilla did some rushing of its own.

The Firefox developer has issued updates to address "critical vulnerabilities" in versions 2 and 3 of its open-source browser.

Firefox describes a critical vulnerability as one that can be used to run attacker code and install software without user interaction beyond normal browsing.

Security, Stability, Accessibility

Firefox 3.0.5 and Firefox 2.0.0.19 are now available for Windows, Mac and Linux. Firefox 3.0.5 fixes eight security vulnerabilities, three of them critical. The critical fixes include XSS vulnerabilities in SessionStore, XSS and JavaScript privilege escalation, and crashes with evidence of memory corruption.

The Firefox 3.0.5 update also fixes several stability issues and issues found in accessibility implementation, adds the ability to send OS-specific system notes in the crash reporter, and replaces the End-User License Agreement with a new "Know Your Rights" info bar on the initial installation. With Firefox 3.0.5, the browser becomes available in Bengali, Esperanto, Galician, Hindi and Latvian.

Discontinuing Firefox 2 Support

"Mozilla is not planning any further security and stability updates for Firefox 2, and recommends that you upgrade to Firefox 3 as soon as possible. It's free, and your settings and bookmarks will be preserved," the Firefox advisory said.

Firefox 2.0.0.19 fixes 10 bugs in the browser, four of which are critical. The critical patches fix XSS vulnerabilities in the SessionStore, XSS and JavaScript privilege escalation, additional XSS attack vectors in feed preview, and crashes with evidence of memory corruption.

"Also, the Phishing Protection service will no longer be available for Firefox 2 users," Firefox said. "Firefox 3 offers a free Phishing and Malware Protection service, which will continue to protect you from online scams and attacks."

Browser Insecurities

These highly critical vulnerabilities found in Firefox show that no browser is immune to programming flaws, according to Wolfgang Kandek, CTO of Qualys.

"A program as powerful and complex as Firefox -- or for that matter, Internet Explorer -- has a high chance to contain vulnerabilities in its myriads of features," Kandek said. "In this case one of the vulnerabilities abuses the Firefox 'SessionStore' API, which is a comfort feature of Firefox, and unnecessary for normal Internet browsing."

As Kandek sees it, a smaller, leaner browser will most likely be able to maintain a better security record than its over-featured competitors. That assumption leaves the door open for a browser like Google's Chrome.

"It will be interesting to see how Google's Chrome browser fares in comparison to both Firefox and Internet Explorer," Kandek said. "On the positive side, Firefox's integrated upgrade mechanism provides users a quicker update cycle than Microsoft's OS-based update program and assures that Firefox users are always using the latest and safest version of the software."


© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.