Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Mozilla, Opera plug security holes
Published: 2009-03-05

Both the Mozilla Foundation and Opera released updated versions of their Web browsing software this week to eliminate serious security vulnerabilities.

On Wednesday, Mozilla issued a patch for its Firefox browser to close five classes of issues — some involving multiple vulnerabilities — including three critical memory handling flaws. The most serious security issue involved an open-source Portable Network Graphics (PNG) library, libpng, used by Firefox to render images of that file type.

"These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer," Mozilla said in its advisory on the issue. "libpng was upgraded to a version which contained fixes for these flaws."

On Tuesday, rival browser maker Opera released version 9.64, closing three major security issues, including a vulnerability that allowed a maliciously-crafted JPEG image to be used to execute code. In addition, Opera added a number of security features, such as support for Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR) on Windows systems, and fixed a number of other security issues, according to the company's advisory.

Both updates come a week after Apple released the first beat version of what will be a major upgrade to its Safari browser, publicly adding a number of security features that the company had secretly added in Safari 3.2.

If you have tips or insights on this topic, please contact SecurityFocus.



Posted by: Robert Lemos
    Digg this story   Add to del.icio.us  
 
Comments Mode:







 

Privacy Statement
Copyright 2009, SecurityFocus