Now Available:

Featured Resource:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Greg.

« Keep HR Out of the Loop | Main | Virtualization, Licensing, and "Cold DR Use Rights" »

Has your IT Shop Moved to Firefox? Have you kept it Patched? You Should...

Mozilla has released a new version of its flagship Firefox browser with fixes for five six security vulnerabilities, one carrying a “critical” rating.

The most serious issue addressed in today’s Firefox 2.0.0.4 update pertains to browser crashes with evidence of memory corruption. This fix (MFSA 2007-12) rolls up several bug fixes that, under certain conditions, could presumably lead to code execution attacks...

The update also fixes a high-risk cross-site scripting flaw, an XUL pop-up spoofing bug, a vulnerability that could allow path abuse in cookies, a hole in APOP authentication and a persistent auto-complete denial-of-service flaw.

So far this year, Mozilla has issued shipped fixes for 17 Firefox security issues.

As expected, Mozilla also shipped the final Firefox 1.5 version with patches for the flaws discussed above. This version of Firefox 1.5 includes an auto-update mechanism to migrate users to the more secure/stable Firefox 2 versions.

Firefox 1.5.0.12 is available for download here but all users are encouraged to upgrade to Firefox 2.

Over the coming weeks, Mozilla will be presenting 1.5.0.12 users with a notification message that will offer users a “major update” to Firefox 2. Upon confirmation, a user’s browser will be upgraded from 1.5.0.12 to 2.0.0.4, according to a post on the Mozilla Developer blog.

Source:
http://blogs.zdnet.com/security/?p=249&tag=nl.e539

Tags:        
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Greg Shields on May 31, 2007 11:43 AM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-windowsserver.com/type/mt-tb.cgi/183

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Greg Shields' Bio:

Greg Shields, is an independent author, instructor, and IT consultant based in Denver, Colorado, and a co-founder of Concentrated Technology. With nearly 15 years of experience in information technology, Greg has developed extensive experience in systems administration, engineering, and architecture specializing in Microsoft systems management, remote application, and virtualization technologies. Greg is a Contributing Editor for Redmond Magazine, MCPmag.com, and Virtualization Review Magazine and is the author of five books, including Windows Server 2008:  What’s New / What’s Changed. Greg is also a highly sought-after instructor and speaker, speaking regularly at conferences like TechMentor Events, and producing computer-based training curriculum for CBT Nuggets.  Greg is a recipient of Microsoft "Most Valuable Professional" award with a specialization in Windows Terminal Services.