Language Selection

English French German Italian Portuguese Spanish

Firefox's flaws fixed in upgrade

Filed under
Software

The Mozilla Foundation, maker of the open source web browser Firefox, has released a security patch to plug two critical security flaws in the browser.

The flaws were found last week by net security experts. Danish firm, Secunia, called them "extremely critical".

Mozilla has now recommended people upgrade to the latest version, Firefox 1.0.4, which is a security update.

Firefox is Microsoft Internet Explorer's (IE) main rival. IE has dominated the browser market.

But many have switched to Firefox because, so far, it has had fewer security flaws than IE and is more customizable.

Although the vulnerabilities, reported on Saturday, had been identified no cases had been reported of them being exploited.

Secunia said they were "extremely critical" because they could have let cookie and history information be used to get access to personal information or access previously visited sites.

The first flaw reported fooled the browser into thinking software was being installed by a legitimate, or safe, website.

The second happened was related to the software installation trigger which was not able to properly check icon web addresses which contain JavaScript code.

Potentially, a hacker could have taken advantage of the security flaws to secretly launch malicious code or programs.

Full Story.

More in Tux Machines

Kernel 3.18 development – the kernel column

Linus Torvalds announced Linux 3.17, the Shuffling Zombie Juror, saying, “The past week was fairly calm, and so I have no qualms about releasing 3.17 on the normal schedule”. The latest kernel includes a number of nice headline features, such as the new getrandom() system call and sealed files APIs that we covered in previous issues of LU&D. Linux 3.17 also includes support for less highlighted new features, such as new signature checking of kexec()’d kernel images and sparse files on Samba file systems (which is significant for those mounting Windows and Mac shares). Read more

Qt 5.4 Release Candidate Available

I am happy to announce that Qt 5.4 Release Candidate is now available. After the Qt5.4 Beta release we have done some build & packaging related updates in addition to large number of error fixes based on feedback from Beta release. Read more

Weston's IVI Shell Sees New Version

There hasn't been much in the way of exciting Wayland/Weston developments to report on this month, but its development is continuing in its usual manner. Out today is another version of the Weston IVI Shell as it still works to being accepted upstream. The weston-ivi-shell is a reference shell for Wayland's Weston compositor running on In-Vehicle Infotainment (IVI) systems. The Weston-IVI work dates back many months and today's revision to the shell marks its eighth public version as it still seeks to be accepted into mainline Weston. Read more

Python 3 Support Added To The GNOME Shell

The GNOME Shell 3.15.2 release fixes some visual glitching, improves the layout of the extension installation dialog, supports the CSS margin property, and offers other bug fixes and minor enhancements. Most notable to GNOME Shell 3.15.2 though is there's finally Python 3 support. Many GNOME components have long ported their Python 2 code to Python 3 while GNOME Shell's Python support has just received the Py3 treatment. Details on GNOME's overall Python 3 porting work can be found via this Wiki page. Read more