Mozilla pushes out update, provides security suite add-ons

Browser maker provides package of add-ons for security focused Firefox users. Mozilla pushed out a Firefox security update Friday, repairing nearly a dozen flaws that could enable an attacker to crash the browser or take complete control of a computer. Firefox 3.0.14 and 3.5.3 fixes several critical vulnerabilities including a dangling pointer flaw reported via TippingPoint's Zero [...]

Browser maker provides package of add-ons for security focused Firefox users.

Mozilla pushed out a Firefox security update Friday, repairing nearly a dozen flaws that could enable an attacker to crash the browser or take complete control of a computer.

Firefox 3.0.14 and 3.5.3 fixes several critical vulnerabilities including a dangling pointer flaw reported via TippingPoint’s Zero Day Initiative that could allow an attacker to run malicious code on a victim’s computer. In addition a critical error in FeedWriter could be used by an attacker to run JavaScript code from Web content with elevated privileges, Mozilla said.

In addition Mozilla fixed nine memory corruption errors with the release of Firefox 3.0.14 and 3.5.3. The vulnerabilities resulted in crashes to the browser engine or the JavaScript engine.

Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

New security add-ons package

Mozilla is offering end users what is calls a Full Security Suite. What it has done is collected four security-oriented add-on tools that users can use to protect themselves from Web-based attacks.

  • NoScript helps stop a click jacking attack by preventing unauthorized code from running within the browser.
  • Better Privacy helps users concerned about their privacy to stop companies from tracking them using a new Flash-based cookies called Local Shared Objects (LSO).
  • AddBlock does what the name implies. It blocks those annoying add banners.
  • WOT or Web of Trust assigns color coding to more than 20 million websites based on the threat they pose. It can warn if you suddenly browse to a high risk site and even block inappropriate content for children.

The package is a nice start to highlight the tools, which have been available to end users for quite some time.  The tools each come with their own unique set of issues. NoScript for example may block some website features and need tweaking from time to time. AddBlock could also pose that problem.



Read Full Article
GSO
Written on Monday, 12 October 2009 08:39 by GSO

Viewed 27 times so far.
Like this? Tweet it to your followers!
Published in Subscribe to the RSS feed of Network Security & Hacking News  Network Security & Hacking News / Subscribe to the RSS feed of Latest Security News  Latest Security News
Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

  • News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
  • News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
  • News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
  • News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
  • Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38
blog comments powered by Disqus
back to top

Site Search

Disqus Tools