Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


New Firefox Updates Eliminate Major Security Flaw



 By: Chris Preimesberger
2007-02-23
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The security and stability revision stops hackers from being able to tamper with how Web sites are displayed and how they operate.

Mozilla on Feb. 23 released updated versions of the Firefox browser, v1.5.0.10 and v2.0.0.2, for Windows, Mac and Linux, which include the fix for a major security flaw.

The "location.hostname" vulnerability potentially allowed hackers to tamper with authentication cookies for third-party sites, manipulating how Web sites are displayed and how they operate, Mozilla said.

Click here to read more about the location.hostname vulnerability, and how it could be used to make a malicious site appear authentic.

"We strongly recommend that all Firefox users upgrade to this latest release," said Mike Schroepfer, vice president of engineering for Mozilla, in Mountain View, Calif.

Resource Library:
"This update resolves the location.hostname vulnerability, and other security and stability issues. Thanks to the work of our contributors, we have been able to address these issues quickly in order to minimize the security risk to Firefox users."

Click here to read about a critical memory corruption flaw that wasnt addressed by this update.

The updates are available immediately in 37 languages, including French, German, Spanish, Italian and Japanese.

Other security fixes in the new versions, according to Schroepfer, include improvements to help protect against cross-site scripting attacks; an adjustment of Mozilla Network Security Services SSLv2 to stop buffer overflow; the fixing of XSS and local file access by opening blocked popups; the elimination of spoofing using custom cursor and CSS3 hotspot; and the elimination of information disclosure through cache collisions.

For details on which flaws were fixed in this release, click here.

Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007; however, all users are encouraged to upgrade to Firefox 2, Schroepfer said.

Users who already have Firefox 1.5.0.x or Firefox 2.0.0.x will receive an automated update notification within 24 to 48 hours, Schroepfer said. This update can also be applied manually by selecting "Check for Updates" from the Help menu starting later in the day on Feb. 23, Schroepfer said.

The new Firefox v2.0.0.2 update can be obtained here. Firefox v1.5.0.10 is available for download here.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: New Firefox Updates Eliminate Major Security Flaw
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Chris Preimesberger
 


x}r8s;iW1ŋK-iXTF((ئHIVO 7](ɗj9劲%L!H|GgoD.01tE1>zޤ>w}?F0TEK Ϡ^-ȐZC}wu9k!;{#|6%}w *s=NNK&OV`N}ٜc7h2 X - (kzZ'j(CL}<KE!H|2cַ(>r@ߩV8ALéM}!*{|DJ%h!GQusad^x/4U;aϏrwSѡ*v25v+!6^;r9Fȹ3z$nPrN7w#25NRZ@[4HeCc`wXS.PVfFԴ;gu[gc]ױ}ǣ!&$f=~0[QMK.l5ZJpfO,ӇqtR0wcE[5'0m_j| sfqDfnrd1KU ozcn1 :t<=0;xtTa_dY736]ަ<5T:Ԫr\ˇJY0my-Ӟ=7?t? k_~^(eU{>ΑGAnnkp[J^׵vSq>t;g=rܺ 근;AڼWYJL~#@DR˅4ID>&-É WP O.jQҋZF-oZMюR=&Y̮g fV҈ 'UUXNڭ^S~6zvEzv lM,!R42V,]?#{sHբy|q۾jvnsCVI3a Og׵V?~['^=v??N-rO=jZ-Jjg$ޗ)I|[8fIq޻ z%Ku}7pCKgǰfeٜ%YWa o\zcgFMIםn?]8^%glh|X.B2iK1.PWG5MGR>M獯fz\CU9-|Qnl 2XbXvP7HYA^ǟgA05tSOc|>9m'!|emxZ.s3Ї4!D& a;Ah>[W uK鴉c| k2ZE'6`FUMR|%||=Ꭴm_4@>J|z[.z8 9r!M5kb$`CfO <eg plYWo%,ވյ݋pz9(KӺJjp /H#o` m_EڠueLGi K-C IP֦(X +ezdxy62&CInQx{gOk]0\PeȄeê%M*K; ʸAnHf ~g &ʥ ;u\cϗzu@n'ztqӱ3 `ǟG(a!w1JkX$ M=̔:Y[ ~2.|N +e@m\:|ꚺ8],- guaGjH Ws4FME8@m"=QINR} ȴ^oZuc#b J ,䧢\R ~D[d"vd\6˰@e9ִ&3r,yF z4nIp]i%riڳPxP_3s@L$T2`G7S] eaaȣuŅ^ۨa섏 5o`"12l3u&/zt|tE% i4Q,(J9A)` L] TyvG0$t`m\>(epF,`^\|> B K'"Z``Es ǖYCǖbT۔Ђ;|P*'i~Ò?DBCizi}~هF9C!%PPo?EjP6cC+jr\T+ 7+|f~~{ ߥCc *|}Gw'Ϸt7ZpE9[J?z}0t*rȵ>gs|eLZjAB;<R)hӀRBVAE ap` u7qfv9AC]3@$74]tB HQAqGs;OM?b %NJt yD\U4Ueawg* :A WtA=,(YG)Y4ZwiYOS)&Vt u| `_snM<=צK$ Xv-1hXa:5UV *~m{/R.8F2<"8dS>dV}P@K&nƚ67/=ϼd[̌<9C 7V"=_`%sQl xv@̬[}#u56霎0 M"'\մRb/X`#1s*? =< Rglס3n22󓫻玾zXFpA I'}f m۠|m,uMn1ya%[4w)n<0{L3gJ> inj`$d6PC,lZ>ǐl\O/ ~'A&wMO0="c^f.k}YypN*})ϣDʌYE/Q U-q'.Ҁ^ߵKs9bvv迌2KV)+i+TX񋰷 ?3pa-XPjx3HU }dEO C/ ސOF[GCn$C|)AT7y`*+ZR> +8ri4rOk,Zv~X+kpo9 2j>uR>,fK'2_vܖ[J,]a u0 mL%Q讻h\Ah1semfaI3N9`{IO$#J7ᝬjCU]U%P-HjYxn:0ȘُYD[h8tpM\&eM=J皽6Dz<#ϟݜ;} >L;H墦AkR;~O+a>&ri: Gt@e!EO*'-JpX8YPX9H(PK Yz>ۻmpI74!,(~fm?<{aAVy/ЏWK޿H iïR)X)/[lb8 } L@IP 4t?&!}́{9Eul_}n;l᳋Y/`y Br+'^s)\6n>ėtO;~\ZR1^ZdF1qxuĒU8*DEqp|ly\3amG 'L=\=8i8t/=^q@ښҹin8`B4c-Ig Ay8<^;фZko#s~uX /PH2>(_1aXHT dDݽh|de؋N'2 m! D78S*PW"REH%IAϚM_f| bt4zUt"wۿPo1r!~_!c&o8~ ɮPhLVb:nl&B2^'68/]h19ޏI /p]Zqnuz{D&aP;DZ3pq*h hwl)~ڲ{, /<=;SL%M([4viauKb)/ȔbJ4:<Qd2Y$iYMzJ,bTcH(PKFI3>eޞ,Hq=Ym@ybZӽK3%ˏ;/GX ;[ .ViH_8_`O",GXkI)j[YUH*?vƇ!qbwy~@0GW刜|1{~T=ͥ0i8;_=?PZSgOɭ2sXs\uSf8Cەg_BxYa1~h8Sݴq쐫N4.zҸ;1LNZ_ |2$?[0{#|&j~>xGM>x@uS意g 9rĸe_)=l uKtؗ{vO n4]9n逧Usd{I2ӱ$BUUk ۻȾ\EVeΜtՕ^t;>rix7YM (f,yi9}doxzo=ȥq?*~OϺ7]f+wB%-JKz9nhp;D%EȁqQ#y∶K`!j>b{+&bi4W3[T=}z{fvÏ9"i ј@.,vd6tY ~AXy hw9g; 91lPfp~n ֘@lll4RbhM9oj9٢pr[0\k9f>m` \ q^8 ~IPWIU)%j|N>.Rg@dn ן3w%%ߏ7yEbbZy2larx/`; +q9:)ֻ n2g@V)m_-r0,<'}$$'?L),:,ʠIsA9-z? mCȜh[׆.,#(X*a>Xfi1ԏ֙vV;deI*qIM +bx&R!%KR$]qN"q/.+q=MnA$h`(U j)N4{$Jk1$$Vy54ɧR%rByd}n o)[Ē4`󿛣㓹lP Q_-}88u!銌 ShE^+%&W+gEhhYDlޠx1?ȮH-L8}!$v ~ZZ\Uɭ~K;.!ˬI aB4ozl3*:R,@Np)K fR0sҙL%4oaͥR+Z1}IA 2FoF$ V$<[Np͐,dw,ppo m!^K|H;uIU%>y.W3K\,CΗN'=Pa͔D Ho&F"m;/DMI$-5^.Mҥ"d6n`"[f@Armζǻۑ@@m jrm1Ԓ֐>ꮿ0R|)5&l"ld}ˊ;HmK#ӈ2mb"]%O!ZTiBIb՜(6@?!U"z~-yq|,S֠[TѴA}Tؖʯ&k` K0[\:"ab7ـZx> "I1IdjJHN;7w`XtYa",_~ !B4 zg;mw8A>&^/KqԟҮ˸:zc +e5Wq" 7~s~s~s~s~}WlVKxdט7]sTE0>.]PI!B]ڻNzm+/境jY[$[LX|/'73MЄtRcP縒3bO[RbWT\s:RmRAa%0z}X5A6»i8tR>arOBo\ "=ؒ(_Y;..*6LM:g/EPƻdb=|˹|5{Z;ѥ/Oj{jԱ t^'m~P:,f&$,]߶:GwIO!#****|BMyk´>k5&11@ %g>wj}_a72u 6ԶG S@tM|G"R1zH^f0}|W+aY?Ȁ{-4=0͠%6Y~gj w .P4W>W>fDx]m~q0]lK`%187~kʁV=P, xᡂ߸֊[NiΞCm%\kk ͨ4$p{-pl|H]p\dIw'yLde,h6<`iO3طO0q_nB]yLGvTk<u@‹>OA&p副 W" +1G@MrtxMwWﱻ6ē~O% eevךQ|l:n{e*ju<6&H#Z(t^q᫉P؆68!#9pѰ-LX8ߋn!,pZ8Q2䄲e~bJbfiA i!Fvq{Kb+nI7F$qя`+jj5ޮ^ b/akjrF-?x$ǍE/]^|~8.2dС1=^P_7`;T \sj61R>&sjxKVQ՜|咿<^YR zab]1a}*B UNz yԥ:BM^E*WBhr^Ũt.bfƆX50Vz^3llz^CΧM` J }+n'-;3x"(fU'j"k?tnw=t8I{nHte)ō< 7[K`65~OR.g@%[5\Z 0!4)EZX+(%\z`Ly˛yp ͬG[RJYIva~X6˨w: @\um =Kjg~RߊuXy070afF+iFwF#sHOcLz죚cDU<11t+P̲jNT\OpYT wA>poɖàZEQt#ߛ3,ȏ]kKlݜ(8&Cjq$!%H$bcx=9aamʀdka]N̡/#~|aP\  +z+U'I]Ui_)p!xW`ǪZJkWv^ߧx0n?.4!W)WPh r##vFCdS|@|LBz،Pn0q}}unHݴZ{zӾ;WuѹP֊_ԝNiYu}Ӿ<11(kyl21^ ΒQ9j\28SѢKs!Yx9K xU" /ELyx&(ݞ? vbD0/& F^ 21eSh6oZݮ֖S}ـVՑt.5]rRO-: nFh9j0c-W܄qP "v[\rФo%u@@/B7P~(@y') 8h2Ot},?3Z_~\(3UF9_/݌/Pe}Ȁڮ~1?0ˌ_, ^~.3s %e}^}^f'U>Cs(?(-/3a~2 *`2d!: _::>o~n2 f fˠ??}}ʠP99c|3w Y@{ f wAI]'Iz|ָƅ)IFy)W?ɠRE৬rXB]eBy<++PA/Үw2 < 3_u3 ̭L_קfr]!,.5PUZk /Y[Sݴq c- {}ih}0^Z/ޤ2_{PxZLԸRGpoQV" #<@o>t}e\ 7AmO74j`n{hϦd󠦲iPͩȪ)N(~P"D74\9KqbBPKt=7xz m̹~o̮8Fh@R#9w6EM++J9wWrq@DdzUUEVro9 VVK D`q9CTx|Femګ,91C=bhǬ[ɖb(wp E#УcoH˘E͛YȌ*Eu// {_A1Cf@2b/`{8z=(J7}YE6VI2hؐC ؒ9Nحa0 S|wNK35,>60pCs'@0^m o=]FӴFo"9 ţ*aѾ(Y^ƊӍܝ4ܩ -fg)gxp1?-T϶{3]9!5C ]ݨ3fȸK5 X 9cy7M1֌ٝ]%$2&ƃB|8$Ҵ`gĈIL mb[>/tI^}_Ξ39D$&~6gIk-}x= %$Id`M߁93t^ ɡ=$>x*8]vu$$}9= ڤ%+oTù(頲;y96M/ 9ao5RFXk;NLZԝ86Zd5:LA[ >%v cf\gHa)x<q V3n,=GIjg_5 BF3q< Y8[T"?WobNm& ”s]q J31> N_dvO~5B+π 8H2Gd!᳤c"5("vy9mKd7-YoˊL3t#m{4RVfХA񿄷zH, 7AQ^+yJ>? T@| %G\6LDR}F0~Nڽ]V0N9DEPޙi 梟ˎ4) m'#8C>ܸlQ޺%76x}ҀΧ^pgUvy* *>`H6A1^[zD,5bb:(/z0 9LMhc{pfi#fSSG3 τ ixv4<1@TF_E@G7`yUĄfٵ\RJnrmmSkJ >dS1'@j0\|1H d9[\K^مt&3k9/YH~>  \99.@$ASP_Xџ]̑?q*g\%ƕyzXqө8Yo~\.˛_,sՓ/G<|Xyx8~']f(FRqO\|j<(>\tnb3/=i)-9EKB4[i B"Ewh6W񲞽Tw r̳G`bhPlQSVIFv3HZ\֓CX-lu o]jm٦d T4s_hj*J6