IoT
Software // Enterprise Applications
News
2/24/2005
06:32 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%
RELATED EVENTS
The Analytics Job and Salary Outlook for 2016
Jan 28, 2016
With data science and big data top-of-mind for all types of organizations, hiring analytics profes ...Read More>>

Firefox Patch Fixes Vulnerabilities And Prevents Crashing

Mozilla Foundation's browser fix covers "moderately critical" and other security vulnerabilities, and addresses dozens of performance issues.

It's time to update the millions of Firefox 1.0 browsers that have been downloaded over the past 11 weeks. The Mozilla Foundation on Thursday released its first security update to Firefox, comprising a series of patches intended to prevent spoofing and phishing attacks and fix glitches that cause the browser to crash.

The security update, Firefox 1.0.1, can be downloaded immediately at www.mozilla.org, and it will be available within a few days via Firefox's automatic update feature. "I'd encourage users to get this release, especially if they've been prone to phishing attacks or spoofing," says Chris Hofmann, director of engineering with Mozilla, a nonprofit software-development organization. "A lot of work in this release focuses on those areas."

The update covers a handful of security vulnerabilities and approximately 40 other fixes related to browser performance based on user feedback to Mozilla. The security vulnerabilities range from "moderately critical" in nature to not critical. None of them are highly critical, and there are no known exploits for any of the vulnerabilities, Hofmann says.

One security patch addresses the problem of international domain name spoofing, in which a hacker could potentially spoof a Web site through the international characters in the browser. The fix involves putting "funny-looking characters" in the susceptible area of the browser, though Hofmann acknowledges it's only a temporary solution. Security firm Secunia described the IDN spoofing vulnerability in a bulletin earlier this month.

The update is also meant to prevent cross-site scripting, in which an attacker gains access to data entered on a Web site by manipulating the browser.

Firefox 1.0 has been downloaded 27 million times since it was released on Dec. 7. In the process, the no-cost browser has cut into Microsoft Internet Explorer's dominant share of the browser market. IE's market share on Windows PCs had slipped to 92.7% in mid-January, from 96.7% in June, while Firefox's share rose, according to WebSideStory Inc., a Web-analytics firm that tracks browser usage. WebSideStory is expected to release updated Web-browser statistics next week.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
How to Knock Down Barriers to Effective Risk Management
Risk management today is a hodgepodge of systems, siloed approaches, and poor data collection practices. That isn't how it should be.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.