
Mozilla warns of a new Firefox flaw

By Bill Brenner, Senior News Writer
06 Mar 2007 | SearchSecurity.com


Mozilla has acknowledged a new flaw in Firefox and SeaMonkey that attackers could exploit to bypass security restrictions and hijack targeted machines. The latest versions of those programs correct the problem.

A regression error occurs when the programs process certain IMG tags. Attackers who successfully lure users to a malicious Web page could then exploit the flaw to bypass restrictions and run arbitrary code.

The flaw specifically affects Firefox versions 1.5.0.9 and 2.0.0.1, and SeaMonkey 1.0.7.

Users will be protected from the flaw by upgrading to Firefox 2.0.0.2 or 1.5.0.10, or to SeaMonkey 1.1.1 or 1.0.8.

Mozilla released those versions last week to fix more than 10 other Firefox flaws that digital miscreants could exploit to circumvent security restrictions, conduct cross-site scripting attacks and access sensitive information.

Mozilla 2.0 has suffered from a variety of flaws since its release last October.

Mozilla security chief Window Snyder said in a recent interview that Mozilla tries to issue a security upgrade every six weeks or so.

"We're continuously looking for vulnerabilities and continuously fixing them," she said at the time. "Users don't have to wait for the next version of the product to get a lot of the benefits of the security work we're doing. They get it on a regular basis."

She made that comment after being asked if the frequent security updates are an indication that the open source browser isn't as ironclad as supporters boast. Firefox is often touted by fans as a more secure alternative to Microsoft's much-attacked Internet Explorer.
