Mozilla patches eight Firefox bugs, six critical.

Byline: Faiz Askari

Mozilla Corp. patched eight security vulnerabilities in Firefox, half of them critical memory corruption flaws in the browser's layout and JavaScript engines.

Firefox 3.0.7, the second security update this year to the open-source browser, fixes about the same number of bugs that Mozilla patched a month ago.

Of the eight vulnerabilities, six were rated "critical," one "high" and one "low" in Mozilla's four-step ranking system. The six critical bugs are in Firefox's garbage collection routine, in the PNG (Portable Network Graphics) libraries used by the browser, and in the layout and JavaScript engines.

Mozilla was uncertain whether the four vulnerabilities patched in the layout and JavaScript engines could be exploited, but assumed as much. "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code," the accompanying advisory read.

Other patches plug holes that could be used by hackers to steal private information and spoof URLs to trick users into thinking they're at a legitimate site.

Mozilla also addressed several non-security issues in Firefox 3.0.7, including unspecified stability problems, a bug that caused some browser cookies to mysteriously vanish, and a Mac-only flaw associated with the Flashblock add-on.

Mozilla Messaging Inc.'s Thunderbird e-mail client, which uses the Firefox rendering engine for JavaScript and other functionality, was not patched today, although six of the eight vulnerabilities also affect it. Until Thunderbird is updated with those fixes -- mid-month is the latest estimate for Thunderbird -- users can protect themselves by disabling JavaScript, said Mozilla. By default, the e-mail application has JavaScript switched off.

The new version of Firefox can be downloaded for Windows, Mac OS X and Linux from the Mozilla site. Current users can also call up their browser's built-in updater, or wait for the automatic update notification, which typically pops up within 48 hours.

In other Firefox-related news, Mozilla today said that it would change the version number of the next major update from Firefox 3.1 -- the moniker used since May, when the company first announced the upgrade -- to Firefox 3.5.

The change, which had been suggested by several developers, will "indicate [the] increased scope" of the update, according to meeting notes posted online today.

Last week, one developer called on Mozilla to bump up the version number. "That way we would more clearly communicate to users that this isn't just a minor update but a major step forward," said Simon Paquet.

Mozilla also modified the schedule for Firefox 3.1 Beta 3 -- it is too late in the process to change the beta to 3.5 -- today, pushing back the ship date for the oft-delayed preview from an earlier estimate of March 10 to March 12.

Firefox holds a 22% market share, according to browser data from Web metrics company Net Applications Inc.

Copyright 2009 IDG Middle East. All rights reserved.

Provided by an company
COPYRIGHT 2009 Al Bawaba (Middle East) Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2009 Gale, Cengage Learning. All rights reserved.

Publication: Network World Middle East
Date: Mar 5, 2009