Free Republic
Browse · Search
General/Chat
Topics · Post Article


Firefox update plugs 'critical' holes ~ More detail on security update...
CNET ^ | July 27, 2006, 11:30 AM PDT | By Joris Evers, Staff Writer, CNET News.com

Posted on 07/27/2006 10:37:32 PM PDT by Ernest_at_the_Beach

CNET News.com*********************************************

Mozilla on Wednesday released an update to its popular Firefox Web browser that fixes a dozen vulnerabilities, seven of which it deems "critical."

The most serious of the flaws could be exploited by cyberattackers to commandeer a vulnerable PC, according to Mozilla. The company, which oversees Firefox development, has published security advisories for each of the flaws repaired by the Firefox update.

The flaws are fixed in Firefox 1.5.0.5, which Mozilla has started pushing out to Firefox users via the update feature in the open-source Web browser. In addition to the security fixes, the browser update includes stability improvements, as well as changes for the Frisian version for some users in the Netherlands, Mozilla said.

"Firefox 1.5.0.5 is a security update that is part of our ongoing program to provide a safe Internet experience for our customers," Mozilla said on its Web site. "We recommend that all users upgrade to this latest version."

Security monitoring company Secunia rates the update as "highly critical," one notch below its most serious ranking.

Mozilla also released updates for its SeaMonkey suite of applications to address security issues that apply to those programs.

While some of the security flaws may affect the earlier 1.0 versions of Firefox, Mozilla is not providing updates for those releases. Its version 1.0.8 was the last refresh for the 1.0.x line of Firefox. All users are advised to upgrade to the 1.5.0.5 version. The 1.0.8 version came out in April.

Developers are working on Firefox 2, the next major version of the Web browser. Mozilla earlier this month shipped the first beta of the new browser, which includes such features as a phishing shield to protect against information thieving online.

Microsoft, meanwhile, is putting the final touches on Internet Explorer 7, a reinforced version of its Web browser. Designed, in part, in response to competition from Firefox, IE 7 is due out in the fourth quarter of this year.


TOPICS: Computers/Internet
KEYWORDS: computersecurity; firefox

1 posted on 07/27/2006 10:37:33 PM PDT by Ernest_at_the_Beach

To: ShadowAce

fyi


2 posted on 07/27/2006 10:37:57 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: Ernest_at_the_Beach

IE7- lipstic on a pig.


3 posted on 07/27/2006 10:44:03 PM PDT by Wacka

To: Ernest_at_the_Beach

bump for later


4 posted on 07/27/2006 10:44:22 PM PDT by Danette ("If we ever forget that we're one nation under God, then we will be a nation gone under.")

To: Wacka

lipstick


5 posted on 07/27/2006 10:44:26 PM PDT by Wacka

To: All
From slashdot:

Spyware Disguises Itself as Firefox Extension

***************************************

Juha-Matti Laurio writes "The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The most dangerous part of the issue is that it records itself directly into the Firefox configuration data, avoiding the regular installation and confirmation process."

6 posted on 07/27/2006 10:47:00 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: Danette; Wacka

See post #6...another E-Mail approach.


7 posted on 07/27/2006 10:48:37 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: All
Guess I need to put this link out so it is obvious:

Spyware disguises itself as Firefox extension

***********************************

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. It is currently being openly disseminated through spam emails that purport to come from Wal-Mart. If the recipient opens the mail attachment while running a Windows operating system, the Trojan then installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. McAfee has dubbed the Trojan "FormSpy," although the company is still currently categorizing its distribution as low.

The file attached to the email consists of an executable Windows program, the AXM downloader. Once launched, it fetches the extension from the Internet and records itself directly into the Firefox configuration data, avoiding the regular installation process. Firefox extensions are normally distributed as XPI files, which ask the user for confirmation after forcing a pause of several seconds.

In a blog entry, Geok Meng Ong from McAfee Avert Labs called on users to take extreme caution when installing unsigned Firefox extensions from untrustworthy sources. This well-intended warning was actually off the mark on several points. On the one hand, only very few websites are authorized to install extensions without seeking additional approval. Furthermore there are at the moment virtually no signed extensions for Firefox or Mozilla. And finally, that mechanism would not have protected against this attack. This is because the user, in opening the file attachment and thereby allowing the foreign program to execute on his computer, automatically provides it with his own usage rights.

An effective protection against this attack is simply never to open file attachments that you have not requested. It is also important not to rely on seemingly trustworthy 'From:' address fields, since these are easy to forge. When in doubt, confirm the legitimacy of the email with the purported sender in another way, such as by telephone. Further tips for safe handling of email are provided at heisec Emailcheck.

See also:


8 posted on 07/27/2006 10:53:33 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: All
This might be useful:

heisec Emailcheck

Courtesy of

*********************************************

Email has become the main entry point for viruses and worms. Inboxes are full of infected emails, and new contaminants are popping up every day. While anti-virus programs can reduce the risk, they cannot eliminate it altogether. It is therefore important to change your behaviour and the programs you use to take account of these threats.

Here, you will find everything you need to know to protect yourself from the flood of viruses. The section More info describes the possible risks, such as HTML emails and file attachments. Under Changing settings, we show you how to configure your email program to make it secure. Under Test emails, you can have emails sent to you that will reveal typical weak points without causing any damage.

For comments and suggestions, write to: emailcheck@heisec.co.uk


9 posted on 07/27/2006 10:58:52 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

Go to first link for more detail.


10 posted on 07/27/2006 10:59:50 PM PDT by Ernest_at_the_Beach (History is soon Forgotten,)

To: Ernest_at_the_Beach; All
On the subject of browsers: I just downloaded Opera 9. I did so pretty much just for sport. I've been committed to firefox for some time, but I stumbled on a couple of rave reviews for opera and decided to go for it.
A couple of notes:
1) it plays nice. meaning it installs easily and w/o any ham-handed "I'll be your browser now" attitude.
2) it looks good. the interface is pretty and intuitive
3) it is good for testing and esoteric/geeky web dev activities.
4) it has several neat features: the site by site preferences, the rewind / fast frwd feature, the tab preview balloon, the trash can for closed tabs, etc

My "been using it for 45 minutes" review is definitely two thumbs up.
11 posted on 07/28/2006 1:21:12 AM PDT by FreeRadical (That's no "open container" officer. That's my beer.)

To: FreeRadical

yep...and did u try the voice part...i just used that...pretty nice idea even if it does sound like a female terminator..


12 posted on 07/28/2006 1:34:23 AM PDT by Irishguy (How do ya LIKE THOSE APPLES!!!!)

To: Irishguy
No, I have not tried the voice thingee. I wondered if that might be cool to use for a "books on tape" kind of thing. ie: Find a good ebook (loads free til August 4, 2006) and let this thing read it to you.... seems like a cool idea but if the voice is grating that would be a bummer.

I do plan to keep playing with opera some, but I already miss firefox. How much of that is functionality vs familiarity I'm not sure.... but my hunch is my quickly missing firefox is almost all familiarity/comfort and that functionality is about the same, at least for the "base models". IMHO some of the extensions for firefox are just full on righteous and only getting better. (aardvark, edit css and web developer extensions immediately come to mind)   Opera does have the widgets notion, but a first glance at those was a little underwhelming.

Who knows & who cares -- it's all fun and games when you're a geek like me.

13 posted on 07/28/2006 2:33:05 AM PDT by FreeRadical (That's no "open container" officer. That's my beer.)

To: FreeRadical; Irishguy

update: Well, I downloaded the speech "extension" for opera.
It does not work with the pdf viewer, so much of my books on tape idea seems blown out of the water.
OTOH, The darn thing will make you laugh. I had it read my last post to me and it had me LOL. (a sure sign it's time for me to log off, if there ever was one.)


14 posted on 07/28/2006 2:51:03 AM PDT by FreeRadical (That's no "open container" officer. That's my beer.)

To: fivekid

bump


15 posted on 07/28/2006 3:15:31 AM PDT by fivekid ( STOP THE WORLD!!!!! I wanna get off.........)

To: sneakers

bump


16 posted on 07/28/2006 3:28:23 AM PDT by sneakers (Freedom is the answer to the human condition)

To: Ernest_at_the_Beach

Bump


17 posted on 07/28/2006 5:04:54 AM PDT by Tinian

To: rdb3; chance33_98; Calvinist_Dark_Lord; Bush2000; PenguinWry; GodGunsandGuts; CyberCowboy777; ...

18 posted on 07/28/2006 5:14:51 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Ernest_at_the_Beach
Designed, in part, in response to competition from Firefox

Uh, no, designed ONLY in response to competition from Firefox. Microsoft hadn't touched IE in years, except for a few security patches, until Firefox started gaining marketshare and mindshare. Until then their idea of competition was to purposely make MSN render badly for Opera users.

19 posted on 07/28/2006 6:04:21 AM PDT by antiRepublicrat

To: Ernest_at_the_Beach
firefox....gettin' better and better. :)
20 posted on 07/28/2006 7:44:46 AM PDT by skinkinthegrass (Just because you're paranoid, doesn't mean they aren't out to get you....... :^)