Netstat -vat by Sean Michael Kerner

A command line view of IT



Mozilla Firefox 3.5.3 patches a trio of critical vulns

From the 'Time To Update' files:

Mozilla is updating its Firefox web browser to plug holes in its own software and to help prevent users from running other vendors' vulnerable software as well.

Firefox 3.5.3 is being released with three critical security advisories from Mozilla. There is a "Crashes with evidence of memory corruption" advisory, as has been the case with many Firefox releases over the past two years.

"Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," Mozilla states in its advisory.

There is also an interesting "TreeColumns dangling pointer vulnerability" that was reported to Mozilla by way of the TippingPoint Zero Day Initiative (ZDI). ZDI pays security researchers for their vulnerabilities and then responsibly discloses them to vendors so they can be fixed.

The tree element flaw deals with a XUL (XML User-interface Language) element that could have been abused to let an attacker potentially run arbitrary code.

The final critical advisory issued by Mozilla is a privilege escalation issue in the BrowserFeedWriter element.

"Using this vulnerability, an attacker could construct an object containing malicious JavaScript and cause the FeedWriter to process the object, running the malicious code with chrome privileges," Mozilla's advisory states.

Firefox 3.5.3 is also the first Firefox release to check that the Adobe Flash plug-in on a user's system is up to date. It's a really important addition.

Back in August, I wrote a story about one security vendor's claims that 80 percent of Adobe Flash users were running old versions. I'm not entirely certain of how accurate that claim might be, but I do know that a certain percentage of users are running old versions of Flash.

Now finally, with the browser (which is how most of us access Flash content on the web) checking Flash versions, maybe we'll see more users running the most recent version.

Browser security is about more than just the browser itself after all. It's about the whole ecosystem of vendors and software that a browser user relies on.
