Tag Archives: Browsers · Firefox · Freeware · Software · Windows Tips and Tools

Update FireFox – FireFox 3.5.6 Released – Fixes 11 Security Issues

Firefox 3.5.6 has just been released, addressing 11 documented security issues as well as a number of stability issues. Since browser vulnerabilities operate as a prime gateway for malware, immediate updating is strongly recommended.

From Mozilla:

MFSA 2009-67 (Critical) — An integer overflow in the Theora video library. A video’s dimensions were being multiplied together and used in particular memory allocations. When the video dimensions were sufficiently large, the multiplication could overflow a 32-bit integer resulting in too small a memory buffer being allocated for the video. An attacker could use a specially crafted video to write data past the bounds of this buffer, causing a crash and potentially running arbitrary code on a victim’s computer.

MFSA 2009-66 (Critical) — Several bugs in liboggplay which posed potential memory safety issues. The bugs which were fixed could potentially be used by an attacker to crash a victim’s browser and execute arbitrary code on their computer.

MFSA 2009-65 (Critical) — Mozilla developers and community members identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes — four documented vulnerabilities — showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

MFSA 2009-68 (High Risk) — Mozilla’s NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application via the browser. If an attacker could get a user to visit a web page he controlled he could force NTLM authenticated requests to be forwarded to another application on behalf of the user.

MFSA 2009-70 (Moderate) — A content window which is opened by a chrome window retains a reference to the chrome window via the window.opener property. Using this reference, content in the new window can access functions inside the chrome window, such as eval, and use these functions to run arbitrary JavaScript code with chrome privileges. In a stock Mozilla browser a remote attacker can not cause these application dialogs to appear nor to automatically load the attack code that takes advantage of this flaw in window.opener. There may be add-ons which open potentially hostile web-content in this way, and combined with such an add-on the severity of this flaw could be upgraded to Critical.

MFSA 2009-69 (Moderate) — When a page loaded over an insecure protocol, such as http: or file:, sets its document.location to a https: URL which responds with a 204 status and empty response body, the insecure page will receive SSL indicators near the location bar, but will not have its page content modified in any way. This could lead to a user believing they were on a secure page when in fact they were not. Separately, a web page can set document.location to a URL that can’t be displayed properly and then inject content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking but invalid URL in the location bar and inject HTML and JavaScript into the body of the page, resulting in a spoofing attack.

MFSA 2009-71 (Low Risk) — The exception messages generated by Mozilla’s GeckoActiveXObject differ based on whether or not the requested COM object’s ProgID is present in the system registry. A malicious site could use this vulnerability to enumerate a list of COM objects installed on a user’s system and create a profile to track the user across browsing sessions.
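
The size calculation described in MFSA 2009-67 above, shown as an added example (not code from Mozilla, libtheora or this post): a 32-bit width × height product that wraps, next to a version that rejects such dimensions before allocating. The function names, the one-byte-per-pixel plane and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names; nothing here is taken from libtheora or Firefox. */

/* Vulnerable pattern: the product is computed in 32 bits and silently wraps. */
uint32_t unchecked_frame_bytes(uint32_t width, uint32_t height)
{
    return width * height;                 /* result is modulo 2^32 */
}

/* Hardened pattern: refuse dimensions whose product does not fit in 32 bits.
 * Returns 0 and stores the size on success, -1 on rejection. */
int checked_frame_bytes(uint32_t width, uint32_t height, uint32_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (width > UINT32_MAX / height)       /* width * height would overflow */
        return -1;
    *out = width * height;
    return 0;
}

/* Allocate a one-byte-per-pixel plane only when the size check passes. */
uint8_t *alloc_plane(uint32_t width, uint32_t height)
{
    uint32_t bytes;
    if (checked_frame_bytes(width, height, &bytes) != 0)
        return NULL;
    return calloc(bytes, 1);
}

int main(void)
{
    /* Constructed dimensions: 65536 * 65537 = 2^32 + 65536. */
    uint32_t w = 65536u, h = 65537u;
    uint32_t bytes = 0;

    printf("needed:    %llu bytes\n", (unsigned long long)w * h);
    printf("unchecked: %u bytes\n", (unsigned)unchecked_frame_bytes(w, h));
    printf("checked:   %s\n",
           checked_frame_bytes(w, h, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed dimensions, the unchecked product is a small fraction of the memory the frame actually needs, which is the undersized-buffer condition the advisory describes; the checked version rejects the frame instead.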

Download at: Mozilla


FireFox 3.5 Released Today

The new and improved FireFox, the one we’ve all been waiting for, finally came out of the gate today.

There are tons of new features which promise to make this the best FireFox ever.

New features for end users:

Location aware browsing
If you choose, you may allow Firefox 3.5 to share information about your current location with web sites.  Firefox 3.5 can use information about the network you’re connected to to share your location. Of course, it asks for your permission before doing so, to ensure your privacy.
Open audio and video support
Firefox 3.5 supports embedded video and audio using the open Ogg format, as well as WAV for audio. No plugins, no confusing error messages about needing to install something or other that turns out not to be available on your platform anyway.
Local data storage
Web applications can now use Web Storage’s local storage capabilities to store data on your computer.  This is great for anything from site preferences to more complex data.
Private Browsing
Need to use someone else’s computer? Switch on Private Browsing mode and nothing will be recorded about your session, including cookies, history, and any other potentially private information.
Better privacy controls
The Privacy preference pane has been completely redesigned to offer users more control over their private information. Users can choose to retain or discard anything including history information, cookies, downloads, and form field information.  In addition, users can specify whether or not to include history and/or bookmarks in the location bar’s automated suggestions, so you can keep private web addresses from popping up unexpectedly while typing in the location bar.
Faster JavaScript performance
JavaScript, the “J” in “AJAX,” is sped up dramatically in Firefox 3.5 with the new TraceMonkey JavaScript engine.  Web applications are much faster than in Firefox 3.
Faster page rendering
Web content draws faster in Firefox 3.5, thanks to technologies such as “speculative parsing.” Your users don’t need to know what it means, other than “it makes things draw faster.”

Download at: FileHippo


FireFox 3.0.11 Released – Fixes Crash and Security Issues

The last version of FireFox that worked properly on my machines was version 3.0.8 – versions 3.0.9 and 3.0.10 totally sucked.

Both of these versions caused very uneven performance while surfing the Net. I have to admit, this uneven performance drove me slightly crazy. Unexplained crashes, slow site connections, and timed out errors do that to me.

Now comes word that Mozilla has just released FireFox 3.0.11, which addresses these very issues. Once again Mozilla is a dollar short and a day late!

This new release addresses the following stability and security issues.

Issues Fixed in Firefox 3.0.11

MFSA 2009-32 JavaScript chrome privilege escalation

MFSA 2009-31 XUL scripts bypass content-policy checks

MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar

MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null

MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object

MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests

MFSA 2009-26 Arbitrary domain cookie access by local file: resources

MFSA 2009-25 URL spoofing with invalid unicode characters

MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)

If you are running FireFox 3.0.10, I strongly recommend that you update to release 3.0.11.

Download at: Mozilla

If you are weary of these constant FireFox updates from Mozilla, and you want the speed in a browser that FireFox was once noted for, then check out “Portable Browsing with TheWorld Browser” by guest writer Rick Robinette, on this site.


FireFox 3.0.10 Released – Fixes Crash Issues

Since updating to FireFox 3.0.9 last week, I have experienced very uneven performance while surfing the Net. I have to admit, this uneven performance drove me slightly crazy. Unexplained crashes, slow site connections, and timed out errors do that to me.

Despite hours investigating, I was unable to resolve these issues. Worse, I spent hours looking at my overall configuration including a heavy duty malware investigation of my system – all to no avail. Since I use the HTML Validator add-on, I was particularly affected.

My good buddy and fellow Blogger TechPaul keyed in on the cause of my problem by establishing that the root cause was one of my add-ons. But with 20+ add-ons, I must admit I had neither the time, nor the inclination to track it down and instead reverted back to running IE 8 – ugh!

Now comes word that Mozilla has just released FireFox 3.0.10, which addresses these very issues. Uh, a dollar short and a day late Mozilla!

This new release addresses a major stability issue and one more security fix.

Issues fixed in FireFox 3.0.10

Crash in nsTextFrame::ClearTextRun

Crashes with HTML Validator when viewing source nsTextFrame

If you are running FireFox 3.0.9 I strongly recommend that you update to release 3.0.10.

Download at: Mozilla


Mozilla FireFox 3.0.9 Released Which Fixes Security Issues – Update Now

Mozilla has just released FireFox 3.0.9 which fixes a number of security issues discovered in FireFox version 3.0.8.

If you haven’t already updated to version 3.0.9, it is critical that you do so now to ensure the integrity of your computer and to safeguard your personal and financial information.

The following are the vulnerabilities involved and the risk attached to each as per the Mozilla web site.

Issues addressed:

Many users experienced an issue where a corrupt local database caused Firefox to “lose” its stored cookies. (bug 470578)

Fixed an issue where, starting with Firefox 3.0.7, inline image attachments on popular webmail services (like AOL and AIM) would not display. (bug 482659)

Large forms would sometimes take a long time to submit. (bug 426991)

In certain cases, new windows would not have proper focus. (bug 446568)

Update at: Mozilla
