Spotlight | Reviews | Current Issue | Newsletter | Subscribe | Contact |
News
Features
Blogs
RSS Feeds
White Papers
Conference Videos
Departments
Current Issue
Special Editions
Spotlight
Reviews
Event Calendar
Archives
Article Code

Partner Links
Website builder
WinWeb OnlineOffice
Shopping and price comparison with product reviews at dooyoo.co.uk

user friendly

CeBIT 2010

High-class talks around the clock in the Forum, non-commercial projects presenting their work, new developments at the largest IT fair in the world, CeBIT Open Source 2010 in Hanover, Germany.

Visit them in hall 2, March 2-6 or here.

  linux-magazine.com » Online » News » Mozilla Closes Down Critical Security Holes  

Print this page. Recommend
Slashdot it! Delicious Share on Facebook Tweet! Digg

Mozilla Closes Down Critical Security Holes

Nov 27, 2007

The Mozilla Foundation has just released Firefox version 2.0.0.10 which resolves three critical vulnerabilities – but new issues have already reared their ugly heads.

One of the most serious vulnerabilities concerned handling of .jar files. An error in the Jar protocol implementation allowed cross-site scripting attacks on filters and other safeguards to grab login information and other data. Another scenario describes attacks with carefully crafted archives. Redirects allowed attackers to exploit the vulnerability. The second error to have been removed was exploitable by setting the "window.location" to redirect HTTP headers and thus launch cross-site scripting attacks.

The third error originated from a memory management bug which attackers could exploit to crash the browser or execute malicious code on the victim’s system. These vulnerabilities also affect Mozilla Seamonkey, a new version of which (1.1.7) will become available in the next few days.

But shortly after version 2.0.0.10 of Firefox was released, the next crop of bugs was identified. US-based developer Kevin Han has reported a bug that prevents the browser from displaying graphics embedded using Javascript. The new version responds to the "canvas.drawImage()" instruction with an error message of "NS_ERROR_NOT_AVAILABLE"; instead of displaying vector graphics, the method now draws pixel images in them.

Despite the new bug, the Firefox developers still advise users to update to the new version of the browser. The Mozilla Foundation servers have versions in various languages with distribution packages due to follow in the next few days.

(Jan Rähm)

Comments


Print this page. Recommend
Slashdot it! Delicious Share on Facebook Tweet! Digg
Related Articles
Firefox 2.0.0.9 Corrects Latest Release
Security Bug in Konqueror, Updates for Seamonkey & Co
Mozilla Asks for License Integration into Ubuntu
Update Recommended: Firefox 3.0.8
Mozilla Developers Remove Critical Bugs
Webconverger 4.7 with Firewall and Adobe Reader
FREE Live Streaming Video from ApacheCon US 2009

Watch our free Video Archive from Apachecon US 2009. Archive provided by The Apache Foundation, COLLABNET, and Linux Pro Magazine

Drawing internationally renowned thought-leaders, contributors, and organizations in the Open Source community, ApacheCon offers insight into the culture and community that develops and shepherds industry-leading Open Source projects, including Apache HTTP Server – the world's most popular Web server software for more than 10 years.

Find out more

 

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2010 [Linux New Media USA, LLC]
Linux New Media web sites:
North America: [Linux Pro Magazine]
UK/Worldwide: [Linux Magazine]
Germany: [Linux-Magazin] [LinuxUser] [EasyLinux] [Linux-Community] [Linux Technical Review]
Eastern Europe: [Linux Magazine Poland] [Linux Community Poland]
International: [Linux Magazine Brazil] [EasyLinux Brazil] [Linux Magazine Spanish]
Corporate: [Linux New Media AG]