Firefox lances IE bug
Print storyPass the parcel bug binned
Posted in Enterprise Security, 18th July 2007 11:05 GMT
Free Download - Security Web 2.0
Mozilla has pushed out a new version of Firefox that fixes a number of security bugs, including a high-profile bug involving launching Firefox from Internet Explorer.
Firefox version 2.0.0.5 also fixes a number of memory corruption and privilege escalation flaws, as explained in Mozilla's release notes here.
The release - available in Mac, Windows and Linux flavours - will be automatically pushed out to users within the next two days. Users still running running Firefox 1.5.0.x, which is no longer supported, are urged to upgrade to the Firefox 2 series.
In other security bug-related news, independent security researcher Michal Zalewski has unearthed a vulnerability in Internet Explorer, which might be exploited by a malicious website to spoof the address bar. The unpatched bug allows con-men to create more convincing phishing and revolves around flaws in the way IE7 implements the "document.open()" method of opening new browser windows.
An even more severe client-side risk comes from a pair of unpatched flaws in the Trillian multi-protocol IM client. Users are urged to disable the "aim://" URI handler in Trillian as a workaround, pending the delivery of security updates. ®
Implementing Energy Efficient Data Centers [WP114]
An Improved Architecture for High-Efficiency, High-Density Data Centers [WP126]
Web application security [3-2APYM3X]
Securing your Online Data Transfer with SSL
The Register Guide to Extended Validation
Inmate hacked prison network, broke into employee database
Miscreants hijacking machines via (freshly patched) Adobe flaw
Martial law planned for Craigslist's red-light district
Cocaine addicted IT manager hacks ex-employer's mail servers