New Firefox Fix Patches Security Bugs

Fri, September 15, 2006 — CIO —

Mozilla developers have released an updated version of their Firefox browser that fixes a number of security issues, four of them rated critical.

The update was released late Thursday, and Firefox users should receive the 1.5.0.7 patches via the browser’s automatic update system over the next few days, according to Mozilla.

Research firm Secunia rates the flaws as "highly critical," saying they can be exploited to "conduct man-in-the-middle, spoofing, and cross-site scripting attacks, and potentially compromise a user’s system," according to an alert. Secunia’s alert can be found here.

Web surfers who want to download the Firefox update directly can find it here.

In addition to the four critical patches, the software also fixes three less-critical issues and offers some stability enhancements, according to the Mozilla website. Details on the security vulnerabilities can be found here.

Browser hackers have traditionally focused on Microsoft’s Internet Explorer, but as Firefox’s market share has grown it has become a more attractive target. Firefox is now used by about 13 percent of Web surfers, according to research firm OneStat.com.

It has been a busy week for IT administrators looking to stay on top of security. Important security patches were also released by Microsoft and Apple Computer.

On Tuesday, Microsoft released its monthly set of security patches, fixing a critical bug in its Publisher product. The company also rereleased two of its August patches to fix bugs in the updates. More information on Microsoft’s patches can be found here.

That was followed Wednesday by Apple’s fix for its QuickTime multimedia software. This update, rated as highly critical by Secunia, fixes six bugs in the product. More details on the QuickTime update can be found on Apple’s website.

-Robert McMillan, IDG News Service (San Francisco Bureau)

Related Links:

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.

Comments

$firstKeyword

More from IT Drilldown « Back to Security

Articles

Gumblar Malware's Home Domain is Active Again

Developer Finds Major Coding Errors in Facebook, MySpace

Boston Celtics Clamp Down on Spam

Postini Technology to Spread Across Google Apps

Federal Data Protection Law Inches Forward

Microsoft Plans Six Patches Next Week, Ties November Record

Six Steps to Pull App Security Back to the Future

Blue Coat Slashes Staff, Buys S7 Services Company

Mobile Security ABCs

Get up to speed on mobile security.

Learn More »

Security Newsletter

Security MarketSpace

8 Tactics to Combat Vulnerabilities

This white paper reviews 8 key elements of vulnerability management and provides advice on combating known vs. unknown vulnerabilities. Learn more »

Email and Web Threats Require a Layered Defense

Learn how web threats are changing and how using a layered defense strategy can give you the security you need. Learn more »

The Case for Data Protection for SMBs

Take Fraudsters Out of the Game

Easily identify account-device relationships and get data for in-depth forensic analysis. Learn more »

Mobile Security Landscape

This paper examines the current mobile security landscape, including myths surrounding the risks and threats, and how organizations can establish a solid mobile security strategy. Learn more »

Reducing Energy Costs in Your Data Center

This white paper examines the most common roadblocks to improving data center efficiency. Learn more »

Security convergence equals network security cost savings

Security convergence equals network security cost savings Learn more »

IBM ISS X-Force Threat and Risk Report

Read this Trend and Risk report from IBM® ISS X-Force® to learn statistical information about all aspects of threats that affect Internet security, including software vulnerabilities and public exploitation, malware, spam, phishing, web-based threats, and general cyber criminal activity. Learn more »