E-BUSINESS | TECHNOLOGY | CRM | LINUX | MAC | ECTNEWS.COM

Welcome | Log In

Technology
- Future Tech
- Gaming
- Green Tech
- Home Tech
  - Home Entertainment
  - Home Networks
- IT Resources
- Media Convergence
- Reviews
- Science
  - Med Tech
  - Space
- Tech Buzz
Computing
Mobile Tech
Internet
- P2P Tech
- Search Tech
- Web 2.0
- Web Apps
Security
IT Management
Reader Services
|
Tech Blog

Latest Firefox Version Plugs 7 Security Holes

By ECT News Staff
LinuxInsider
Part of the ECT News Network
09/18/06 8:57 AM PT

Mozilla's Firefox -- the browser that has succeeded in grabbing market share from Internet Explorer, largely based on its reputation for better security -- has experienced some bugs of its own. The Mozilla Foundation said it patched seven critical and non-critical flaws in the latest Firefox release.

Verio MPS Solutions
Verio managed server solutions deliver the power and flexibility of a dedicated server at a fraction of the price. Learn more about how Verio gives you increased control, scalability, uptime, and performance.

The Mozilla Foundation patches seven security flaws with version 1.5.0.7 of its Firefox browser. Four of them, rated "critical," would allow attackers to install software on vulnerable computers.

The critical problems include a JavaScript error that could permit remote execution of code and a vulnerability that could permit RSA signature forging.

RSA certificates are used to authenticate secure Web sites and digitally signed e-mail messages.

"Critical" is the highest level on Mozilla's security scale. All Firefox users are urged to install the new version immediately.

Misplaced Trust

Among the non-critical flaws, there are two that relate to "sub-frames."

In one case, an attacker could use the pop-up blocker status bar to trick a user into believing that a blocked pop-up window came from a trusted site.

In another instance, a non-critical vulnerability could allow a user to be directed to a trusted site in a new window, where an attacker could use a sub-frame to steal entered data -- placing passwords or credit card information, for example, at risk.

Thunderbird Impacted Too

Firefox will download the latest update automatically by default. It is also available via the browser's auto-update feature or downloaded directly from the Firefox Web site.

Users of the Thunderbird e-mail application also are advised to install the Firefox update, since the two applications run on the same engine.

Next Article in Internet:
Do It Yourself E-Commerce, Part 1: Now Bigger and Better

Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by ECT News Staff

Related News Alerts

Mozilla Foundation

Activate Alert | Search Archives

More Stories by ECT News Staff

Redmond Grinch Steals Cybercrooks' Christmas, Straight-Talk Express Breaks Down in Cupertino (19-Dec-08)
Android Emancipation and the Sweet Smell of WiFi: The Week in Tech (12-Dec-08)
HP's Wrath, Baidu's Greed and Other Deadly Sins (21-Nov-08)

[Search More...]

Shortcuts

Get Business and Technology News Alerts

Most Popular | Spotlight Features | Exclusives

This Week on ECT News Network | Podcasts

WiFi Hotspot Locator

Diagnosing Apple's PR Afflictions

Less Heat but Lots of Cool at CES

Will This CES Be the Last?

Palm Steals CES Spotlight With New Smartphone and OS

Dish Network Thinks Inside the Slingbox

Samsung Gives TV Viewers the Skinny With New LED-Backlit Series

Ballmer Offers Tempered Optimism in CES Keynote

Sony Positions Featherweight Vaio P as Full-Featured Notebook

How to Build a Small-Business Web Site, Part 3: Advanced Design

Toshiba Gives HDTVs New Tricks

Microsoft BI: 'Just Do It in Excel'

SanDisk Ramps Up Flash Memory Speed, Space

Unemployment Claim Systems Buckling Under Pressure

E-Commerce Times

Microsoft Swings Mobile Search Deal With Verizon

Lenovo Bites the Bullet, Cuts Jobs and Executive Pay

Bullish on Net Advertising: Q&A With AOL SVP Mike Peralta

The Approaching Superdomain Opportunity

TD Ameritrade Buys Thinkorswim to Bolster Options Volume

Macworld a Wistful Love-In for Apple Fans

Apple's Last Macworld: No 'Whoa!'

Wide Email for iPhone: Happy Thumbs

Rumor Mills Buzz Over Qualcomm-Chipped iPhone Nano

Jobs Responds to Health Scuttlebutt

Time to Build Your Communities

Make Customer Service Local and Strong

The Recession, the Cloud and Salesforce.com

7 Experts Paint Enterprise IT Landscape for 2009

A Tale of Power, Money and Poor Customer Service

How the Virtual Workforce Is Changing Everything

The Making of an Open Source Developer Hero

How MIDs Are Complicating Mobile Linux Development

Freescale Eyes Cheap Linux Netbooks With New Chip Design

Linuxy New Year's Resolutions

Sponsored Links

Is Your Wireless LAN Deployment at Risk?

Take the FREE Motorola AirDefense WLAN Security Assessment

Think your data is safe?

Think again. It's time to Outthink the Threat. Get eBook now.

Max your Mac...Parallels Server for Mac

Consolidate Mac Servers. Run Windows Server on your Mac. Watch a Demo or Download a Trial.

Akamai Web 2.0 White Paper

Web 2.0 is Here – Is Your Infrastructure Ready? Maximize the value of your interactive site.

Fujitsu ScanSnap

Scan with the Touch of a Button - Click to learn more.

WiFi Hotspot Locator

City or Zip/Postal Code:

Country/Region:

ECT News Network Information

Free Newsletters

Locate Products and Services

Corporate

Reader Services

Terms of Service | Privacy Policy | How To Advertise

Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.