Management
Technology
- Applications
- Business Intelligence
- Development
- Hardware
- Mobile & Wireless
- Networking
- Internet
- Operating Systems
- Security Products
- Servers & Datacentre
- Storage
Toolbox
Training
Books
White Papers
Webcast
Resource Centre
November 21, 2007
Firefox vulnerability fix available next week
Long-standing flaw will finally be sorted
By Robert McMillan, IDG News Service
Mozilla is set to release a Firefox bugfix next week, repairing a long-standing security flaw in the software.
Advert
The 2.0.0.10 update is in testing right now and should be released to the public next week. "We are giving it a couple of days to make sure that there are no issues found and we'll release it after Thanksgiving," said Mike Schroepfer, Mozilla's vice president of engineering.
Mozilla is calling on the Firefox community to test the browser during a quality assurance "testday" this Friday.
The issue was first reported last February by Jesse Ruderman, but it gained widespread attention earlier this month when researcher Petko Petkov pointed out on his blog that the flaw could be used to launch a cross-site scripting attack against the Firefox browser.
The flaw has to do with the fact that Firefox does not properly check files that are compressed using the .jar (Java Archive) format. Attackers could sneak malicious code into the Jar-compressed documents, which would then be run by the victim.
A few days after Petkov posted his findings, a researcher going by the name "Bedford" showed how this attack could be launched against Google users, giving them access to victims' Gmail accounts, Google searches and other sensitive data stored on the Google website.
"This means that attackers can get to any place on Google and do whatever they want with your profile and your online presence," Petkov wrote in a blog posting.
Though both Petkov's and Bedford's vulnerabilities are related to the way Firefox handles .jar files, Mozilla considers them to be two separate issues, both of which are set to be patched in next week's 2.0.0.10 release.
Follow highlights from ComputerworldUK on Twitter
Sign up for our Daily Newsletter
The UK IT News widget Get it for your site!
« prev article | more internet news | next article »
Advert
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
- This article is now being printed.
What are your views on this subject? Use the form below to post a comment on this article up to 1000 characters.
Click below to add 'Firefox vulnerability fix available next week - Internet Applications - ComputerworldUK' to your blog.
If you do not have a ComputerworldUK Account and would like to use this feature, please Register.
If you are a registered, logged-in user, this will post the title and first paragraph of this story to your blog to share with your readers.
Advert
Newsletters
Our Daily & Weekly Newsletters highlight breaking news, vital issues, expert analysis and solutions to help you stay ahead of developments in the industry.
WHITE PAPERS
-
Legal risks: Employee use of the internet and email
Exploring the challenges facing IT Mangers today and vital steps to ensure safe internet an email use by employees. -
Phishing for victims
This White Paper examines the phenomenon of phishing. It explains the potentially catastrophic threat it presents to all kinds of organisation. Exploding some widespread myths, it lights up the murky waters where phishing first emerged and where it continues to evolve. But it also highlights what your business can do to blunt the threat.
