Language Selection

English French German Italian Portuguese Spanish

Firefox's flaws fixed in upgrade

Filed under
Software

The Mozilla Foundation, maker of the open source web browser Firefox, has released a security patch to plug two critical security flaws in the browser.

The flaws were found last week by net security experts. Danish firm, Secunia, called them "extremely critical".

Mozilla has now recommended people upgrade to the latest version, Firefox 1.0.4, which is a security update.

Firefox is Microsoft Internet Explorer's (IE) main rival. IE has dominated the browser market.

But many have switched to Firefox because, so far, it has had fewer security flaws than IE and is more customizable.

Although the vulnerabilities, reported on Saturday, had been identified no cases had been reported of them being exploited.

Secunia said they were "extremely critical" because they could have let cookie and history information be used to get access to personal information or access previously visited sites.

The first flaw reported fooled the browser into thinking software was being installed by a legitimate, or safe, website.

The second happened was related to the software installation trigger which was not able to properly check icon web addresses which contain JavaScript code.

Potentially, a hacker could have taken advantage of the security flaws to secretly launch malicious code or programs.

Full Story.

More in Tux Machines

Ubuntu Touch to Land with Bq Aquaris e4.5 Phones in February

The first two companies that have been confirmed to release phones with Ubuntu Touch are Meizu and Bq. Until now, only Meizu showed any kind of involvement with Ubuntu Touch and they were the first to announce a launch window. On the other hand, Bq has been silent, but it seems to have been very busy and to be the first one out the door. Read more

Linux 3.19 Merge Window Closes Ahead Of Schedule

Linus announced on Friday night that he's closing the merge window early for 3.19. Torvalds said that he's pulling the last of the pull requests on Saturday -- related to KBuild and the READ_ONCE split-up -- but is planning to then close the merge window. Read more

X.Org Server 1.16.3 Released To Fix Security Issues

Julien Cristau of Debian announced the X.Org Server 1.16.3 release on Saturday morning. The primary focus of this release is on correcting the security issues within the GLX, DIX, XV, DRI3, RENDER, and other areas of the xorg-server code-base affected by outstanding security problems. Read more