Posted on 06/01/2007 3:08:01 PM PDT by Zakeet
The Mozilla Foundation has released security updates to fix multiple flaws that could result in system hijacking in its open-source Firefox browser, Thunderbird e-mail client and SeaMonkey Internet applications suite.
The bugs, deemed critical, are detailed in Mozilla's Security Advisory 2007-12. They include multiple vulnerabilities in Mozilla's Layout Engine and in its JavaScript engine that can result in memory corruption and lead to system takeover or DoS (denial of service). The function of a layout engine is to handle content such as HTML, XML, image files and applets as well as formatting information including CSS (Cascading Style Sheets) and presentational HTML tags. The layout engine displays the formatted content on-screen, filling in the browser's content area.
Firefox users who don't install the ANI patch are in danger of files being overwritten in an attack, given that the browser lacks a low-privilege mode.
According to Mozilla's advisory, the impacts of the vulnerabilities vary. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the advisory says.
Mozilla fixed the Layout Engine bugs in these updates: Firefox Versions 2.0.0.4 and 1.5.0.12.
(Excerpt) Read more at news.yahoo.com ...
I downloaded the latest version the other day. I ain’t got no Sea-Monkey. What am I missing?
Thanks!
I couldn't help but snicker a bit when I read this.
ping
Use Firefox almost exclusively now. Updated it yesterday. The Cooliris add-on is really cool.
Yeah...what b seamonkey?
I just updated Firefox to the latest, and LOVE the new spell check. Just like a good WP program, a misspelled word in the window for typing a post here is underlined in red, and you correct it by selecting options with a right click, including adding to dictionary.
No more using the awful FR spell checker with its moronic failure to understand words with apostrophes and hyphens.
This has to be making the Firefox folks very happy, they are now big enough to be worth hacking...
Thanks a lot for the heads-up. Just updated my Firefox for Linux Mint.
I have to strongly disagree with you there. I've seen MS go months without fixing vulnerabilities that have been reported to them. Only when the folks who reported it to them threaten to go public would they release patches. I've heard of this happening quite a lot in the earlier days of XP.
Is there a secret handshake for upgrading Thunderbird?
In some cases security people get so fed up waiting even after it goes public that they produce their own unofficial patch, which embarrasses Microsoft into finally fixing it. IIRC, that was the case with the WMF vulnerability.
Not much, it blows. It appears to be the latest incarnation of Netscape, with Netscape's vastly inferior interface to Firefox, but it does have a built-in email client and news viewer.
The truth is oftentimes a hard thing. So brace yourself: remember those x-ray glasses they sold in comic books? THEY DON’T WORK!
:)