In association with heise online

27 November 2007, 12:19

Security update for Firefox web browser

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

As promised a few days ago, the Mozilla developers have released a security update for the Firefox open-source web browser. Version closes a total of three security holes discovered since the last update. The flaws remedied each include the vulnerability in the implementation of the jar protocol, which allowed attackers to fool certain protective measures/filters used by such websites as MySpace and others against cross-site scripting and active content. Attackers were thereby able to access user login information.

The Mozilla Foundation says that the vulnerabilities are critical. In addition to the jar problem, there was a bug that enabled referrer spoofing and a flaw that could be exploited to crash systems and inject code. Firefox users should install the new version as soon as possible. Firefox can be downloaded for Windows, Mac OS X, and Linux in various languages. The new version will gradually be automatically installed on all systems via the browser's automatic update function.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit