myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron at myITforum.com

Sharing Security Developments, and Best Practices for corporate and home users

Firefox v2.0.12 to be released soon - Major Security Issue

Firefox users should watch for an important update that addresses a serious security vulnerability.  The Mozilla foundation has escalated a serious security vulnerability and version 2.0.12 will be pushed out soon, according to the developers blog.  Most users will automatically update to the latest version, when it becomes available. 

Mozilla ups unpatched Firefox flaw to high severity
http://blogs.zdnet.com/security/?p=841&tag=nl.e539

* The chrome library protocol handling issue is proof-of-concept only (no in-the-wild attacks noted so far)

* An attacker can use this vulnerability to collect session information, including session cookies and session history.

* Firefox 2.0.12 is being prioritized and will be pushed out soon  

http://blog.mozilla.com/security/2008/01/29/status-update-for-chrome-protocol-directory-traversal-issue/

* Firefox is not vulnerable by default, however many users install add-ins (long list in link below)

Firefox Vulnerable Add-ins
https://bugzilla.mozilla.org/attachment.cgi?id=300181

* The most current version and release information can be obtained at:

Mozilla Firefox Home Page
http://www.mozilla.com/en-US/firefox/

Published Jan 30 2008, 04:44 PM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems