Unholy trio menace Firefox
PrintCritical update for Mozilla and Firefox
Posted in Software & Security, 19th April 2005 13:05 GMT
Free whitepaper – Managing desktop software for fun and profit
The Mozilla Foundation has released updated versions of its popular Firefox (version 1.0.3) and Mozilla (version 1.7.7) web browsers to correct a number of recently discovered security flaws. The updates fix a trio of critical vulnerabilities, two of which have become the subject of proof-of-concept hacker exploits.
A bug that allows hackers to inject JavaScript code in link tags supporting "favicons" and a Mozilla-specific flaw which allows the execution of arbitrary code remotely via the Firefox side bar both pose a severe risk after they were recently coded up in script-kiddie friendly exploits. A third critical security bug - affecting versions of the browsers prior to Firefox 1.0.3 and Mozilla 1.7.7 - involves privilege escalation via DOM (Document Object Model) property overrides.
Firefox 1.0.3 and Mozilla 1.7.7 also addresses six lesser security risks as described by Secunia here. Users of the popular browsers are strongly urged to apply the appropriate update. ®
Related stories
Firefox dusted down with security upgrade
Browser bugs sprout eternal
Drive-by Trojans exploit browser flaws
Free whitepaper – Managing desktop software for fun and profit
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Seven ways to lower storage costs
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs