The InformationWeek -- Blogs

Security

Topics:   Security

  • Email this page E-mail this page
  • Print this page Print this page
  • Bookmark and Share
  • icon

Patch Your Firefox


Posted by George Hulme, Oct 27, 2009 11:09 PM

Mozilla just released 16 patches for vulnerabilities in Firefox. Eleven of the flaws are critical, and affect a number of components in the browser.

Six of the flaws are ranked as critical, all of the flaws affect version 3.5.4.

From Mozilla Foundation Security Advisory 2009-63:

Mozilla upgraded several third party libraries used in media rendering to address multiple memory safety and stability bugs identified by members of the Mozilla community. Some of the bugs discovered could potentially be used by an attacker to crash a victim's browser and execute arbitrary code on their computer. liboggz, libvorbis, and liboggplay were all upgraded to address these issues.

Aside from those third-party media libraries, flaws also affected the JavaScript and browser engine and GIF map parser.

The flaw in Security Advisory 2009-57, found that the XPCOM utility XPCVariant::VariantDataToJS unwrapped doubly-wrapped objects before returning them to chrome callers. This enabled the possibility for bad code to be escalated to be executed with Chrome privileges.

The flaws in Mozilla aren’t hurting its growth. Just yesterday Mozilla CEO John Lilly said in a Twitter post that Firefox grew by more than 30 million in the previous eight weeks. As of September 2009, web-analytics company Net Applications estimates nearly 24 percent of Internet browsers use Firefox.

Users will be updated automatically.

For my security and technology observations throughout the day, consider following me on Twitter.

« Dealing With Digital Depression 2.0 | Main | How Important Is Open Source To Mobile Devices? »



Sign Up Now
For InformationWeek News Alerts




This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.


 
 

  1. Detecting Scalability Problems With Intel Parallel Universe Portal
  2. Just Say No To SFAQL Parallelism
  3. QuickThread: A New C++ Multicore Library
Join The InformationWeek Group On LinkedIn


                           


  1. AT&T's iPhone Stranglehold Ending June 2010?
  2. Will Android Survive?
  3. Top Wireless Turkeys Of 2009
  4. Apple Steps Into AT&T-Verizon Ad War

  1. 'Godfather Of Spam' Gets Four Years In Prison
  2. Senators Urge EU To Finish Oracle-Sun Probe
  3. Microsoft Issues Internet Explorer Security Advisory
  4. Amazon Boosts Kindle Features
  5. Google, TiVo Partner For TV Data
  6. Feds To Sharpen Cybersecurity Job Policies

 
  Ars Technica
Boing Boing
Channel 9 Forums
CRN Blogs
Dr.Dobb's Portal: Blogs
Engadget
Gizmodo
GrokLaw 		  Lifehacker
Schneier on Security
Slashdot
TechCrunch
Techdirt
Techmeme
Valleywag
  DECEMBER 2008
NOVEMBER 2008
OCTOBER 2008
SEPTEMBER 2008
AUGUST 2008
JULY 2008
JUNE 2008
MAY 2008 		  APRIL 2008
MARCH 2008
FEBRUARY 2008
JANUARY 2008
DECEMBER 2007
NOVEMBER 2007
OCTOBER 2007
SEPTEMBER 2007