Firefox's flaws fixed in upgrade

The Mozilla Foundation, maker of the open source web browser Firefox, has released a security patch to plug two critical security flaws in the browser.

The flaws were found last week by net security experts. Danish firm Secunia called them "extremely critical".

Mozilla has now recommended people upgrade to the latest version, Firefox 1.0.4, which is a security update.

Firefox is Microsoft Internet Explorer's (IE) main rival. IE has dominated the browser market.

But many have switched to Firefox because, so far, it has had fewer security flaws than IE and is more customizable.

Although the vulnerabilities, reported on Saturday, had been identified, no cases of them being exploited had been reported.

Secunia said they were "extremely critical" because they could have let cookie and history information be used to get access to personal information or access previously visited sites.

The first flaw reported fooled the browser into thinking software was being installed by a legitimate, or safe, website.

The second was related to the software installation trigger, which was not able to properly check icon web addresses that contain JavaScript code.

Potentially, a hacker could have taken advantage of the security flaws to secretly launch malicious code or programs.
