Language Selection

English French German Italian Portuguese Spanish

Firefox's flaws fixed in upgrade

Filed under
Software

The Mozilla Foundation, maker of the open source web browser Firefox, has released a security patch to plug two critical security flaws in the browser.

The flaws were found last week by net security experts. Danish firm, Secunia, called them "extremely critical".

Mozilla has now recommended people upgrade to the latest version, Firefox 1.0.4, which is a security update.

Firefox is Microsoft Internet Explorer's (IE) main rival. IE has dominated the browser market.

But many have switched to Firefox because, so far, it has had fewer security flaws than IE and is more customizable.

Although the vulnerabilities, reported on Saturday, had been identified no cases had been reported of them being exploited.

Secunia said they were "extremely critical" because they could have let cookie and history information be used to get access to personal information or access previously visited sites.

The first flaw reported fooled the browser into thinking software was being installed by a legitimate, or safe, website.

The second happened was related to the software installation trigger which was not able to properly check icon web addresses which contain JavaScript code.

Potentially, a hacker could have taken advantage of the security flaws to secretly launch malicious code or programs.

Full Story.

More in Tux Machines

Android Leftovers

Canonical Releases AMD Microcode Updates for All Ubuntu Users to Fix Spectre V2

The Spectre microprocessor side-channel vulnerabilities were publicly disclosed earlier this year and discovered to affect billions of devices made in the past two decades. Unearthed by Jann Horn of Google Project Zero, the second variant (CVE-2017-5715) of the Spectre vulnerability is described as a branch target injection attack. The security vulnerability affects all microprocessors that use branch prediction and speculative execution function, and it can allow unauthorized memory reads via side-channel attacks if the system isn't patched. For example, a local attacker could use it to expose sensitive information, including kernel memory. Read more

PulseAudio 12 Open-Source Sound System Released with AirPlay, A2DP Improvements

Highlights of PulseAudio 12.0 include better latency reporting with the A2DP Bluetooth profile, which also improves A/V sync, more accurate latency reporting on AirPlay devices, the ability to prioritize HDMI output over S/PDIF output, HSP support for more Bluetooth headsets, and the ability to disable input and output on macOS. PulseAudio 12.0 also adds support for Steelseries Arctis 7 USB headset stereo output and Dell's Thunderbolt Dock TB16 speaker jack, a new "dereverb" option that can be used for the Speex echo canceller, a new module-always-source module, better detection of Native Instruments Traktor Audio 6, and improved digital input support for various USB sound cards. Read more

Automatically Change Wallpapers in Linux with Little Simple Wallpaper Changer

Here is a tiny script that automatically changes wallpaper at regular intervals in your Linux desktop. Read more