Headline FeedsThe Mozilla Foundation patches seven security flaws with version 1.5.0.7 of its Firefox browser. Four of them, rated "critical," would allow attackers to install software on vulnerable computers.
Latest Firefox Version Plugs 7 Security Holes
Mozilla's Firefox -- the browser that has succeeded in grabbing market share from Internet Explorer, largely based on its reputation for better security -- has experienced some bugs of its own. The Mozilla Foundation said it patched seven critical and non-critical flaws in the latest Firefox release.
Think you have to compromise on security to save on costs? Think Again. Trend Micro™ Enterprise Security, powered by the Trend Micro Smart Protection Network™, can lower your content security management costs by up to 40%. Find out just how much you’ll save with our TCO Impact Calculator.
The critical problems include a JavaScript error that could permit remote execution of code and a vulnerability that could permit RSA signature forging.
RSA certificates are used to authenticate secure Web sites and digitally signed e-mail 
messages.
"Critical" is the highest level on Mozilla's security scale. All Firefox users are urged to install the new version immediately.
Misplaced Trust
Among the non-critical flaws, there are two that relate to "sub-frames."
In one case, an attacker could use the pop-up blocker status bar to trick a user into believing that a blocked pop-up window came from a trusted site.
In another instance, a non-critical vulnerability could allow a user to be directed to a trusted site in a new window, where an attacker could use a sub-frame to steal entered data -- placing passwords or credit card information, for example, at risk.
Thunderbird Impacted Too
Firefox will download the latest update automatically by default. It is also available via the browser's auto-update feature or downloaded directly from the Firefox Web site.
Users of the Thunderbird e-mail application also are advised to install the Firefox update, since the two applications run on the same engine.
Print Version
E-Mail Article
Reprints
More by ECT News Staff
Talkback: Next Article in Security
|
Grisoft Launches Beta of New AVG Internet Security Suite September 12, 2006 
Grisoft has added AVG Anti-Spyware and AVG Anti-Malware to the new suite, which integrates antivirus and anti-spyware features. The expanded product also provides improvements in data protection. Beta versions of AVG 7.5 products are designated for compatibility testing in a large number of different hardware and software configurations.
|
Related Stories
|
Microsoft Extends Olive Branch to Mozilla Developers August 22, 2006 
Sam Ramji, an executive with Microsoft's Open Source Software Lab, posted an invitation to Mozilla developers Saturday to accept one-on-one support from his firm. The invitation is seen as an effort by the software giant to foster the development of open source applications that would be compatible with the Windows Vista operating system.
|
Google, Mozilla, RealNetworks Seal Software Bundling Deal August 03, 2006 
Google, RealNetworks and Mozilla have agreed to extend a deal that bundles the Google Toolbar and Mozilla's Firefox Web browser with RealNetworks applications. Users have the option to download the Google and Firefox features via RealPlayer, RealArcade games and the Rhapsody music service.
|
Related News Alerts
More by ECT News Staff
|
RIAA, YouTube, China: Plotting New and Creative Ways to Separate You From the Internet March 28, 2009 
RIAA finds an alternative to suing ... Warner muzzles YouTube audio ... China muzzles YouTube altogether ... gaming bucks recessionary trend ... OnLive promises console-free gaming ... Blockbuster teams up with TiVo, and more.
|
Merger Madness: Love Is in the Air March 21, 2009 
Cisco buys video cam maker ... IBM targets Sun for acquisition ... Facebook Connect makes its way onto the iPhone ... Hulu reveals its actual secret purpose ... Seattle P-I shuts down the presses ... EPIC aims to burst Google's cloud, and more.
|
YouTube vs. Royalties, Spy vs. Spy, Dell vs. a Firehose March 14, 2009 
YouTube, UK royalties agency get into it ... U.S. Cybersecurity czar takes a hike ... Dell rolls out rugged laptop ... Google tries out expanding advertisements ... sheriff sues Craigslist over prostitution ... Google's Schmidt denies interest in Twitter purchase, and more.
|
