Posted 11/30/07 at 01:56:42 PM by Mark 'Marcus Soperus' Soper
Some types of records shouldn't be broken, but this week, Mozilla appears to be on the verge of breaking its personal best: the shortest time between updates of its Firefox web browser.
What happened? Monday, Mozilla's Firefox 2.0.0.10 update fixed a cross-site scripting threat that used the jar (Java archive) Uniform Resource Locator which, when combined with a bug in Google's Gmail, allowed users to access other users' email address books. Ouch!
Unfortunately, 2.0.0.10 wasn't quite ready for prime time: websites that use the 'Canvas' HTML element to dynamically render bitmaps stopped working, and the FoxSaver and Fotofox extensions also were torpedoed.
Mozilla Firefox version 2.0.0.11 fixes these bugs. To get the final release as fast as possible, check the Firefox download page, as automatic updating may take a day or two once an update is released. Update: Firefox 2.0.0.11 is now available via the Firefox download page. Be sure to check the version number. As of early Friday afternoon, 2.0.0.10 was still the latest version listed. If you don't want to wait for the official release of version 2.0.0.11, you can grab the release candidate from the Mozilla FTP site. Here's the direct link to the US English 32-bit Windows version.
If that wasn't enough, users of Firefox (and other browsers) that rely on Apple QuickTime 7.3 or earlier as their default multimedia player need to watch out for rogue websites. Symantec reports that an as-yet-unfixed RTSP vulnerability in QuickTime could open users to malicious content, and that Firefox is more vulnerable than Internet Explorer 6, IE7, or Apple's Safari browsers.
If you use QuickTime, you can get into trouble with any browser, or if you click on a link in an email that directs you to a rogue site. To protect yourself, think before you click!
© 2009 Future US, Inc. All Rights Reserved.
Links:
[1] http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9049078
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=405584
[3] http://www.mozilla.com/en-US/firefox/
[4] http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2.0.0.11-candidates/rc1
[5] http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/2.0.0.11-candidates/rc1/firefox-2.0.0.11.en-US.win32.installer.exe
[6] http://www.theregister.co.uk/2007/11/26/quicktime_exploit/
[7] http://www.symantec.com/enterprise/security_response/weblog/2007/11/0day_exploit_for_apple_quickti.html
[8] http://www.kb.cert.org/vuls/id/659761
[9] http://www.maximumpc.com/article/googles_in_the_xss_crosshairs_and_so_are_you
[10] http://www.maximumpc.com/article/celebrate_freedom_with_firefox_extensions
[11] http://www.maximumpc.com/article/how_to_optimize_firefox
[12] http://www.maximumpc.com/article/safer_browsing
Comments
Print
Email
