Mozilla has patched a pair of nasty flaws in its Firefox browser, two weeks after security researchers first started posting code that showed how the flaws could be exploited in attacks.
The 2.0.0.6 version of Firefox, released Monday, fixes a pair of related flaws in the URL protocol handler component of Firefox, which is used to launch programs when a user clicks on certain specially crafted Web links.
Mozilla rates these problems critical, meaning they are a serious security risk. But they have also proven to be an embarrassment for the open source project.
Earlier in the month security researcher Thor Larholm showed how to exploit this type of problem in order to make Internet Explorer and Firefox jointly launch software on a user's machine without authorization. To make the attack work, IE would load malformed data from a Web site, then send it to Firefox, which would launch the unauthorized software
Microsoft and Mozilla disagreed about who was to blame, however, with Mozilla initially saying that the attack wouldn't work on Firefox alone.
But last week, Mozilla's security chief Window Snyder admitted that her team was wrong. "We thought this was just a problem with IE. It turns out, it is a problem with Firefox as well," she said in a blog posting. "We should have caught this scenario."
The URL protocol handler flaw will also be patched in Thunderbird 2.0.0.6, Thunderbird 1.5.0.13, and SeaMonkey 1.1.4, Mozilla said.
The 2.0.0.6 Firefox release also fixes a third security flaw that Mozilla considers to be less critical than the URL protocol handler bugs.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive InfoWorld Resource Alerts
1 Recommendation
