If you're using early copies of the Mozilla open-source Web browser, chances are
your PC is vulnerable to attacks via a half-dozen security holes.
Pre-version 1.0 rollouts of the alternative browser project, which is backed
by AOL-Time Warner's Netscape unit, contain about a
half-dozen vulnerabilities.
It appears most of the bugs, which were posted on the BugTraq security list
this week, have already been corrected in the latest version of Mozilla but
at least one of the flaws is still affecting versions 1.0.1 and 1.1.
(Download latest Mozilla releases here).
Mozilla Developer News 2005::
about-mozilla (34) add-ons (1) General (159) Releases (75) Security (25) Posted in General | No Comments RC3 fixed two bugs from RC2:
http://developer.mozilla.org/devnews/index.php/2005/HOME |
The BugTraq updates to the earlier Red Hat advisory said
the most serious HTTP/HTTPS Redirection Weakness do not adequately warn
Mozilla users when they are being redirected from secure sites to other
secure sites via non-secure sites. Because this is a key issue when
browsing and shopping at e-commerce sites, this flaw is considered crucial.
Schneier on Security: Firefox JavaScript Flaw: Real or Hoax?::
the presenters to responsibly disclose flaws via Mozillas bug bounty program Posted by: vlna at October 4, 2006 8:19 AM You cant vote on a security issue.
http://www.schneier.com/blog/archives/2006/10/firefox_javascr.htmlHOME |
Firefox Update Tackles Pair of Critical Bugs::
by no less than six Mozilla Foundation Security Advisories -- two of them critical. Search all Jobs Post Your Job Solutions. Whitepapers and eBooks
http://www.itchannelplanet.com/security_news/article.php/3Pair+of+Critical+Bugs.htmHOME |
Another flaw with the XMLSerializer object may allow an intruder to gain
access to properties of another domain in a frame or iframe. The
XMLSerializer feature comes with Mozilla's XMLExtras.
According to the advisory, improper implementation of the onkeypress
function for the space bar can cause multiple confirmations via a single key
press. "This could potentially allow the confirmation of a malicious XPI to
be installed into the client," it warned.
Another bug relates to a memory corruption bug that is triggered when
document.open() is called as the action to be performed when a form
is submitted. "Under certain circumstances processing this data will result
in memory corruption, resulting in a denial of service," the advisory added.
Techworld.com - Mozilla chases imaginary security problem::
includes a link to a statement he made that is posted on Snyders Mozilla blog. Six Apart, the companys earliest investor, Joi Ito, is on Mozillas
http://www.techworld.com/Security/news/index.cfm?newsid=7020HOME |
Mozilla Messaging patches Thunderbird bugs - Network World::
enabled in mail, Mozilla said in the security advisories that accompanied Thursdays update. address management in 2008 - six things to know. The self
http://www.networkworld.com/news/2008/050208-mozilla-messa-patches-thunderbird.htmlHOME |
The six vulnerabilities come on the heels of a previously-reported privacy
leak within Mozilla that springs data on the Web surfing movements of
users.
That flaw exposes the URL of the page a user is viewing to the Web server of
the site visited last, allowing a Web site to track where a viewer goes next
regardless of whether the URL is entered manually or via a bookmark. It
affects Mozilla browser versions 0.9x, 1.0, 1.0.1, 1.1 and 1.2 alpha;
Netscape 6.x and 7; Galeon 1.2.x and Chimera 0.5.
Mozilla users are urged to disable JavaScript as a temporary workaround
until a fix is issued. The flaw exists in the "onunload" handler which loads
an image from the referring server about a user's surfing movements.
Mozilla has
released the 1.1 upgrade to provide increased support for Linux and Mac
platforms but the privacy flaw remains in the upgrade, researchers warned.
 SOAP 1.2 Passage Snagged By IP Issues
 China to be Stronghold for Open Source
| 
Six Mozilla Security Bugs Posted 
PRINT
Add to favorites