Web & AppsPosts Tagged Security
Firefox Quantum: New logo, new design and more speed
Mozilla's new browser "Firefox Quantum" is finally available. The software was not only visually redesigned, but many improvements were also made. The developers expect the biggest release so far to increase their market share in favor of Firefox. The browser code has been reworked to 75 percent.
Changes in Firefox 3.6.13
In the current Firefox version 3.6.13 there are several changes that improve both the stability and the security of the browser. In total there were 11 security-related updates.
- Incomplete fix for CVE-2010-0179
- Integer overflow vulnerability in NewIdArray
- Use-after-free error with nsDOMAttribute MutationObserver
- Java security bypass from LiveConnect loaded via data: URL meta refresh
- Add support for OTS font sanitizer
- Crash and remote code execution using HTML tags inside a XUL tree
- Chrome privilege escalation with window.open and ISINDEX element
- Buffer overflow while line breaking after document.write with long string
- Miscellaneous memory safety hazards
- Location bar SSL spoofing using network error page
- XSS hazard in multiple character encodings
Firefox 3.6.12 fixes a critical security issue
After the release of Firefox 3.6.11 Mozilla has presented the next version of the successful web browser. More or less pleasant, of course, are the reasons that led to a new update. Morten Kråkvik has found a vulnerability in Firefox, with that he could provoke a heap buffer overflow. This makes it theoretically possible that an attacker could execute malicious code on the computer.
The vulnerability can be achieved by the use of Javascript functions document.write exploit with DOM. This problem affect the versions Firefox 3.6 and 5.3, also Thunderbird and SeaMonkey are affected. It is gratifying, however, that Mozilla has reacted quickly and has now fixed the vulnerability. With the new version Firefox 3.6.12, surfing through the internet is safe again.
Mozilla closes lot of security issues in Firefox 3.6.7
Mozilla has released another version of Firefox. With release 3.6.7 a lot of security issues are resolved. About 8 critical and 2 high priority problems.
A list of the fixed bugs:
- Remote code execution using malformed PNG image
- nsTreeSelection dangling pointer remote code execution vulnerability
- nsCSSValue::Array index integer overflow
- Arbitrary code execution using SJOW and fast native function
- Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
- Use-after-free error in NodeIterator
- DOM attribute cloning remote code execution vulnerability
- Miscellaneous memory safety hazards
Most of the bugs comes together with buffer overflow and remote code executing. Please update to Firefox 3.6.7 as soon as possible.
-
Firefox News- Unboxing AI with the next generation
- Finn Myrstad reflects on holding tech companies accountable and ensuring that human rights are respected
- Open Source in the Age of LLMs
- Marek Tuszynski reflects on curating thought-provoking experiences at the intersection of technology and activism
- Rachel Hislop reflects on working for Beyoncé, creating community for Black women and the power of storytelling
- Empowering Choice: Firefox Partners with Qwant for a Better Web
- The cost of cutting-edge: Scaling compute and limiting access
- Google’s Protected Audience Protects Advertisers (and Google) More Than It Protects You