Language Selection

English French German Italian Portuguese Spanish

Firefox's flaws fixed in upgrade

Filed under
Software

The Mozilla Foundation, maker of the open source web browser Firefox, has released a security patch to plug two critical security flaws in the browser.

The flaws were found last week by net security experts. Danish firm, Secunia, called them "extremely critical".

Mozilla has now recommended people upgrade to the latest version, Firefox 1.0.4, which is a security update.

Firefox is Microsoft Internet Explorer's (IE) main rival. IE has dominated the browser market.

But many have switched to Firefox because, so far, it has had fewer security flaws than IE and is more customizable.

Although the vulnerabilities, reported on Saturday, had been identified no cases had been reported of them being exploited.

Secunia said they were "extremely critical" because they could have let cookie and history information be used to get access to personal information or access previously visited sites.

The first flaw reported fooled the browser into thinking software was being installed by a legitimate, or safe, website.

The second happened was related to the software installation trigger which was not able to properly check icon web addresses which contain JavaScript code.

Potentially, a hacker could have taken advantage of the security flaws to secretly launch malicious code or programs.

Full Story.

More in Tux Machines

SteamOS A Linux Distribution For Gaming


Picture

SteamOS is a Debian Linux kernel-based operating system in development by Valve Corporation designed to be the primary operating system for the Steam Machine game consoles. It was initially released on December 13, 2013, alongside the start of end-user beta testing of Steam Machines.
 

Read At LinuxAndUbuntu

KDE Applications 14.12.3 Officially Released

KDE Applications 14.12 has been released by its makers, and it’s a regular maintenance update. It comes with a ton of bug fixes and will be soon available in various repositories. Read more

Understanding The Linux Kernel's BPF In-Kernel Virtual Machine

BPF continues marching forward as a universal, in-kernel virtual machine for the Linux kernel. The Berkeley Packet Filter was originally designed for network packet filtering but has since been extended as eBPF to support other non-network subsystems via the bpf syscall. Here's some more details on this in-kernel virtual machine. Alexei Starovoitov presented at last month's Linux Foundation Collaboration Summit in Santa Rosa about BPF as an in-kernel virtual machine. The slides have been published for those wishing to learn more about its state and capabilities. Read more

Calligra 2.9.0 is Out

Packages for the release of KDE's document suite Calligra 2.9 are available for Kubuntu 14.10. You can get it from the Kubuntu Backports PPA. They are also in our development version Vivid. Read more