Mozilla has patched a critical patch bug
In a belated announcement, the Mozilla team has reported that the recently published updates for Firefox and SeaMonkey also remedied a critical security hole that had been caused by a patch published in December. The attempt to fix a bug occurring during IMG tag handling allowed hackers to execute arbitrary code via javascript-URIs on the system - even if JavaScript execution was disabled.
Thus, the patch has not only failed to eliminate the security problem, but has even worsened the situation. In 2006, Microsoft struggled with similar problems related to Internet Explorer.
Thunderbird users have not been affected by this bug. Although the incorrect patch was integrated in this program, too, the mail client does not execute javascript-URIs in IMG-tags. The bug has been fixed in Firefox 2.0.0.2/1.5.0.10 and SeaMonkey 1.1.1/1.0.8 versions published in February. The Mozilla team advises users to upgrade to these versions.
- security advisory from the Mozilla team
(ehe)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
