Security Watch

Keeping Track of patches and hacks in the IT security world.

Apple, Mozilla Squash Browser Bugs

Apple, Mozilla Squash Browser Bugs

It's Patch Day in the land of Web browsers.

In separate warnings, Apple and Mozilla confirmed -- and fixed -- critical vulnerabilities affecting users of the Safari and Mozilla browsers.

The Apple Safari patch (available for Windows and Mac OS X), provides cover for at least four vulnerabilities (including Charlie Miller's winning CanSecWest contest exploit).

Here's the skinny on Firefox 2.0.0.14:

"Fixes for security problems in the JavaScript engine described in MFSA 2008-15 (CVE-2008-1237) introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstration that this particular crash is exploitable but are issuing this advisory because some crashes of this type have been shown to be exploitable in the past."

Also see this Bugzilla entry for technical details.