Mozilla, Opera plug security holes
Published: 2009-03-05

Both the Mozilla Foundation and Opera released updated versions of their Web browsing software this week to eliminate serious security vulnerabilities.

On Wednesday, Mozilla issued a patch for its Firefox browser to close five classes of issues — some involving multiple vulnerabilities — including three critical memory handling flaws. The most serious security issue involved an open-source Portable Network Graphics (PNG) library, libpng, used by Firefox to render images of that file type.

"These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer," Mozilla said in its advisory on the issue. "libpng was upgraded to a version which contained fixes for these flaws."

On Tuesday, rival browser maker Opera released version 9.64, closing three major security issues, including a vulnerability that allowed a maliciously-crafted JPEG image to be used to execute code. In addition, Opera added a number of security features, such as support for Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) on Windows systems, and fixed a number of other security issues, according to the company's advisory.

Both updates come a week after Apple released the first beta version of what will be a major upgrade to its Safari browser, publicly adding a number of security features that the company had secretly added in Safari 3.2.

Posted by: Robert Lemos
