Go Back   The Scream! > COMPUTER RELATED > PC Security

Reply
 
Thread Tools Display Modes
  #1  
Old 17-July-2008, 18:16
gem's Avatar
gem gem is offline
 
Join Date: May 2001
Location: Currently in Brittany, France
Posts: 5,606
News! Firefox sweeps away carpet bombing bug

From The Register
Firefox sweeps away carpet bombing bug
By John Leyden Published Thursday 17th July 2008 10:28 GMT

Mozilla has plugged two critical security holes in versions 2 and 3 of Firefox.
Version 2.0.0.16 fixes a code injection risk involving vulnerabilities in its CSS reference counter, and a flaw in handling command-line URLs that means multiple tabs can be launched when Firefox is not running. The first flaw also affects the Thunderbird email clients when JavaScript is enabled for email reading. Such a set-up is generally a bad idea.

The second flaw allows multiple tabs to be launched in Firefox even when it's not open. This is an attack vector for the Mozilla side of a blended threat ariseing when Apple's Safari browser is installed on the same systems as either Internet Explorer or Firefox. Dubbed the "carpet bombing" bug, this was disclosed by independent researcher Billy Rios in May and patched by Apple - after some foot-dragging - in June.

Mozilla has also released a stability and security upgrade for the latest version of its browser. Firefox 3.0.1 includes fixes for the same two bugs that affect the earlier version of the browser, as well as a fix for a bug specific to version 3 which means malformed GIF files pose a code injection risk to Mac OS X systems running the latest version of the browser.

Firefox 3.0.1 - the first upgrade to the latest version of Mozilla's flagship browser software - came out on Wednesday, a day after the version 2 update. Support for version 2 ends in mid-December.
__________________
GEM
Reply With Quote
Reply

Tags
bad, email, files, internet, line, mail, security, software

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Firefox update fixes compatibility snags gem PC Security 0 22-March-2007 12:41
Firefox zero-day exploit surfaces gem General Software 2 04-October-2006 10:52
Overhaul for Firefox web browser gem General Software 0 29-November-2005 15:52
Mozilla and Firefox flaws exposed gem General Software 2 08-January-2005 11:56
Mozilla bug rears its head gem PC Security 0 09-July-2004 14:20


All times are GMT +1. The time now is 14:58.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
Copyright 1999-2014 The Scream!