Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live teleconferences:
* Planning for Succession:
Models for IT Leadership Development, June 23
* Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25
* Managing Change: Centralizing Your IT Organization
July 29
Apply today for a FREE subscription to CIO Magazine!
Firefox's Serious Bug to Be Patched Next Week
Mozilla plans to patch a serious problem in its Firefox browser next week.
November 21, 2007 — IDG News Service (San Francisco Bureau) — Mozilla plans to release a bug-fix for its Firefox browser next week, repairing a long-standing security flaw in the software.
The 2.0.0.10 update is in testing now and should be released to the public next week, following the Thanksgiving holiday in the United States. "We are giving it a couple of days to make sure that there are no issues found and we'll release it after Thanksgiving," said Mike Schroepfer, Mozilla's vice president of engineering.
Mozilla is calling on the Firefox community to test the browser during a quality assurance "testday" this Friday.
The issue was first reported last February by Jesse Ruderman, but it gained widespread attention earlier this month when researcher Petko Petkov pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox browser.
The flaw has to do with the fact that Firefox does not properly check files that are compressed using the .jar (Java Archive) format. Attackers could sneak malicious code into the Jar-compressed documents, which would then be run by the victim.
A few days after Petkov posted his findings, a researcher going by the name "Bedford" showed how this attack could be launched against Google users, giving them access to victims' Gmail accounts, Google searches and other sensitive data stored on the Google Web site.
"This means that attackers can get to any place on Google and do whatever they want with your profile and your online presence," Petkov wrote in a blog posting.
Though both Petkov's and Bedford's vulnerabilities are related to the way Firefox handles .jar files, Mozilla considers them to be two separate issues, both of which are set to be patched in next week's 2.0.0.10 release.
Other stories by Robert McMillan
Copyright 2006 IDG News Service, International Data Group Inc. All rights reserved.
Read the statistics about how large companies manage the risks associated with outbound email, blog postings, media sharing sites, mobile Internet-connected devices and more.
Find out more about the impact of data protection regulations and standards such as HIPAA, PCI, and PIIG, which place new constraints on data.
Learn how virtual appliances can eliminate "appliance overload" by combining the advantages of hardware appliances and virtualization technology.
Find out why email encyrption is critical to an organization's overall security architecture and the advantages of identity-based encryption over traditional approaches.
Hear how you can keep your messaging infrastructure safe from spam and viruses, or prevent leaks of your organization's most valuable data.
War Gaming: Necessary Exercises
Enterprise Business Security: Protect Data, Accelerate Growth
The Hydra and the Onion: A Multi-Layered Security Model for Today's Dynamic IT Threat Environment
Reduce the Risk of Costly Data Breaches: Three Pillars of Data Protection
Building an Online Customer Experience Competency
They Can't Steal What You Don't Have: Smart Security Choices for Mobile Workers
Building Competitive Advantage with Next-Generation Wireless Infrastructure
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Solutions to the Toughest IT Challenges in Remote Offices Webcast
Get Control of Mobile Data (and More): Improve security and reduce costs with a mobility management platform (Video webcast)
The Universal Wireless Client: How to simplify mobility and reduce the cost of supporting mobile workers (Video webcast)
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Apple Opens First Store in China
Ex-Microsoft Manager Gets 22 Months for Fraud
Yahoo Uses Home Page to Lobby Against Icahn
Intel Antitrust Redux, AMD Change, Network Woes
Firefox 3.0.1 patches Mac-only bug
Merger Talks Between MTN and Reliance Fail
Telecom Regulator Meets GSM Operators, ISPs
Google to Pay $140M for Russian Contextual Ad Firm
RIM BlackBerry Enterprise Server (BES) 4.1.6 Upgrade Addresses Critical PDF Flaw
Nigeria Telephone Operators Eye Fixed Monthly Talk Rates
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
