The Mother Board forums. Free tech support, motherboard ID, and more.
It is currently Sat Oct 20, 2018 1:24 am

All times are UTC - 8 hours

Post new topic Reply to topic  [ 1 post ] 
Author Message
PostPosted: Wed Mar 23, 2005 2:22 pm 
Black Belt 3rd Degree
Black Belt 3rd Degree

Joined: Wed Nov 10, 2004 7:42 pm
Posts: 3844
Location: Oklahoma City, OK ...

The Mozilla Foundation issued a patch for a major security flaw in its Firefox browser on Wednesday and advised people to update their software.

The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images, Chris Hofmann, director of engineering for Mozilla, said. Similar memory problems have affected Mozilla's browsers and Microsoft's Internet Explorer in the past. A malicious attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system.

The flaw was discovered by Internet Security Systems, a network protection company, and patched before the public learned of the issue, Hofmann said.

"We are staying ahead and being proactive in fixing the code," he said. "The deciding factor, in this case, was the potential for this: It's a little easier for hackers to turn it into an exploit that could be dangerous."

The Mozilla Foundation released version 1.02 of Firefox on Wednesday to fix the problem and asked that all users to download and apply the patch.

Recently published data has prompted questions about the security of Firefox. Security technology provider Symantec said in this week's Internet Threat Report that during the second half of last year, 21 vulnerabilities affected Mozilla browsers and 13 flaws affected Internet Explorer.

However, only seven of the flaws in Firefox were considered "highly severe," compared with nine in Internet Explorer.

Mozilla's Hofmann pointed to the data as a positive indication that the developers were doing a good job of securing the Firefox code.

"As the data shows, the flaws are of lesser severity," he said. "The kinds of things the Microsoft's browser is vulnerable to is much more worrisome."

On Tuesday, Mozilla president Mitchell Baker predicted that Firefox won't suffer nearly as many security flaws as Internet Explorer and that the increasing popularity of the open-source browser won't change that.

Microsoft could not immediately be reached on Wednesday for comment.

Mozilla is currently reviewing the roughly 2 million lines of code that makes up the Firefox browser to find similar vulnerabilities to those patched Wednesday. Last August, the organization offered a bounty to anyone who finds significant flaws in the software. The developers are looking with particular intensity at the legacy code that remains in the browser.

"Most of the things that we are looking at and fixing are potential exploits that no one has figured out how to exploit yet," Hofmann said.

Time to patch/update ladies and gents. :)

"You cant hug your family with Nuclear Arms"

Asus F2A85-V Pro
AMD A10-5800K APU @ 4.5GHz
8GB G. Skill 1866
550w PSU
Hyper 212 Evo

Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 8 hours

Who is online

Users browsing this forum: No registered users and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group