
Firefox ‘supports’ security holes





Security researchers have discovered two extremely critical security vulnerabilities in Firefox, the ultimate alternative to Internet Explorer. The flaws affect all versions, including the latest release, and allow an attacker to take control of the system.

Both vulnerabilities concern how Firefox handles JavaScript. The first flaw enables execution of code via a specially crafted JavaScript URL. The other flaw enables execution of arbitrary HTML and script code in the site.

The flaws were confidentially reported to the Mozilla Foundation a week ago, but details were leaked and the vulnerabilities were reported by several security research firms. The Danish security firm Secunia reported that an exploit is already circulating on the Net.

Mozilla Foundation said it has protected most users from the exploit by altering the software installation mechanism on its two whitelisted sites. However, users may be vulnerable if they have altered the whitelist.

"We believe this means that users who have not added any additional sites to their software installation whitelist are no longer at risk," said Mozilla Foundation.

Though security holes have previously been discovered in Firefox, this is the first time that a security firm has given a Firefox flaw the “extremely critical” rating. Firefox can definitely be proud of its 50 million downloads, but who really cares about popularity when it comes to security breaches that put our computers at risk...?




Copyright © IT-Observer Online Publication 2000 - 2007