
[ISN] Firefox Patch Fixes Vulnerabilities And Crashes

Subject: [ISN] Firefox Patch Fixes Vulnerabilities And Crashes
Date: Fri, 25 Feb 2005 03:48:34 -0600 (CST)
http://www.informationweek.com/story/showArticle.jhtml;jsessionid=ZEU4XWPELZQMIQSNDBCSKHSCJUMEKJVN?articleID=60403364

By John Foley 
InformationWeek 
Feb. 24, 2005 

It's time to update the millions of Firefox 1.0 browsers that have
been downloaded over the past 11 weeks. The Mozilla Foundation on
Thursday released its first security update to Firefox, comprising a
series of patches intended to prevent spoofing and phishing attacks
and fix glitches that cause the browser to crash.

The security update, Firefox 1.0.1, can be downloaded immediately at
www.mozilla.org, and it will be available within a few days via
Firefox's automatic update feature. "I'd encourage users to get this
release, especially if they've been prone to phishing attacks or
spoofing," says Chris Hofmann, director of engineering with Mozilla, a
nonprofit software-development organization. "A lot of work in this
release focuses on those areas."

The update covers a handful of security vulnerabilities and
approximately 40 other fixes related to browser performance based on
user feedback to Mozilla. The security vulnerabilities range from
"moderately critical" in nature to not critical. None of them are
highly critical, and there are no known exploits for any of the
vulnerabilities, Hofmann says.

One security patch addresses the problem of international domain name
spoofing, in which a hacker could potentially spoof a Web site through
the international characters in the browser. The fix involves putting
"funny-looking characters" in the susceptible area of the browser,
though Hofmann acknowledges it's only a temporary solution. Security
firm Secunia described the IDN spoofing vulnerability in a bulletin
earlier this month.

The update is also meant to prevent cross-site scripting, in which an
attacker gains access to data entered on a Web site by manipulating
the browser.

Firefox 1.0 has been downloaded 27 million times since it was released
on Dec. 7. In the process, the no-cost browser has cut into Microsoft
Internet Explorer's dominant share of the browser market. IE's market
share on Windows PCs had slipped to 92.7% in mid-January, from 96.7%
in June, while Firefox's share rose, according to WebSideStory Inc., a
Web-analytics firm that tracks browser usage. WebSideStory is expected
to release updated Web-browser statistics next week.
  

