“The Mozilla Foundation issued a patch for a major security flaw in its Firefox browser on Wednesday and advised people to update their software.
The problem is caused by a buffer overflow in legacy Netscape code still included in the browser for animating GIF images, Chris Hofmann, director of engineering for Mozilla, said. Similar memory problems have affected Mozilla's browsers and Microsoft's Internet Explorer in the past. A malicious attacker could exploit them by creating carefully crafted image files that, when viewed by a victim in a browser, execute a program and compromise the system.
The flaw was discovered by Internet Security Systems, a network protection company, and patched before the public learned of the issue, Hofmann said.
"We are staying ahead and being proactive in fixing the code," he said. "The deciding factor, in this case, was the potential for this: It's a little easier for hackers to turn it into an exploit that could be dangerous."
The Mozilla Foundation released version 1.02 of Firefox on Wednesday to fix the problem and asked that all users to download and apply the patch.
Recently published data has prompted questions about the security of Firefox. Security technology provider Symantec said in this week's Internet Threat Report that during the second half of last year, 21 vulnerabilities affected Mozilla browsers and 13 flaws affected Internet Explorer.
However, only seven of the flaws in Firefox were considered "highly severe," compared with nine in Internet Explorer.”
http://news.zdnet.com/2100-1009_22-5632148.html?tag=nl.e589
Posts
No comments:
Post a Comment