Mozilla Updates Firefox to Fix Security Gaps

The Mozilla Foundation updated the Firefox Web browser Tuesday in order to patch a series of security vulnerabilities, including a widely publicized browser spoofing issue and a frame-injection issue.

Mozilla has released Firefox 1.0.5 and plans to follow it with new versions of its Thunderbird e-mail client and namesake browser application suite on Wednesday, said Chris Hofmann, Mozilla's director of engineering.

The Firefox update fixes 11 security issues discovered both by outside security researchers and through Mozilla's own Security Bug Bounty Program, which offers a $500 reward for reporting bugs.

Hofmann said that Mozilla knows of no exploits of the security vulnerabilities patched in Firefox 1.0.5.

Among the vulnerabilities plugged in Firefox 1.0.5 is a browser spoofing issue reported last month by security researcher Secunia. The spoofing vulnerability, which affected all major browsers, could aid scammers in successfully launching phishing attacks.

Users could be convinced to provide sensitive information in JavaScript dialog boxes that do not display their origins. To fix the issue, the Firefox upgrade now displays in a JavaScript window's header the Web address of the source of the prompt's content, Hofmann said.

Also last month, a 7-year-old frame-injection vulnerability, which had been patched in earlier versions of Mozilla browsers, reared its head again in Firefox.

The new version patches the flaw, which had the potential to allow an attacker to load malicious content in the browser window of a trusted Web site by exploiting the way browsers handle frames.

Mozilla is working on a revamped software updating system for the next major release of Firefox, Version 1.1, which is due for release later this summer.

A second alpha release of Firefox 1.1, called "Deer Park," was slated to be available for testing among developers as soon as Tuesday.

That alpha was supposed to include early test code of the new software updates system, Hofmann said.

Strange

I went to the Mozilla site to get the source for 1.0.5 to rebuild my rpm for pclos and their source isn't listed as yet. I guess I'll have to wait until the source shows up in their repo.

re: strange

Yeah, dang, it still ain't up.

----
You talk the talk, but do you waddle the waddle?
