Firefox 3.0.8 Security Update to Fix Hackable Security Flaw
Next week the Mozilla Foundation plans to make the Firefox 3.0.8 update available to the general public. This is a security update that is meant to address known security vulnerabilities that affect the browser running on all supported operating systems. The security holes in question could allow a person with malicious intent to install software on a targeted system – all without the user’s knowledge.
“The pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido are both critical issues that can result in malicious code execution. These issues can be exploited by tricking a user into visiting a malicious web page hosting the exploit code. The pwn2own bug can be mitigated by disabling JavaScript. Both issues have been investigated and fixes have been developed which are now undergoing quality assurance testing. These fixes will be included in the upcoming Firefox 3.0.8 release, due to be released by April 1,” explains the Mozilla Security Blog.
People keeping track of these things will remember that Nils is the mysterious computer science student from Germany that managed to hack three of the most popular web browsers out there (Safari, Firefox, IE8) during the 2009 PWN2Own competition, earning him a $15,000 reward. By accepting the prize money he effectively sold the vulnerability rights and consequently could not provide a in-depth look at the vulnerability that he exploited in Firefox. This is not the case with Guido Landi’s XSLT vulnerability, which has been published online. No known exploit is currently available in the wild.
You are very well advised to update your Firefox browser next week, when the update becomes available – we will make sure to keep you informed, so check back for updates. As always, there will be two ways for you to get Firefox 3.0.8:
1. Download the software and install it on your machine.
2. If you have Firefox 3.0 installed on your machine, click Help -> Check for Updates. The update will be rolled out automatically, but if you check for it you might get it a bit earlier.
UPDATE: Firefox 3.0.8 has been released - details here .
Tags: Mozilla, Firefox
“The pwn2own bug that Nils discovered at CanSecWest 2009 and the XSLT vulnerability recently made public by Guido are both critical issues that can result in malicious code execution. These issues can be exploited by tricking a user into visiting a malicious web page hosting the exploit code. The pwn2own bug can be mitigated by disabling JavaScript. Both issues have been investigated and fixes have been developed which are now undergoing quality assurance testing. These fixes will be included in the upcoming Firefox 3.0.8 release, due to be released by April 1,” explains the Mozilla Security Blog.
Advertising
People keeping track of these things will remember that Nils is the mysterious computer science student from Germany that managed to hack three of the most popular web browsers out there (Safari, Firefox, IE8) during the 2009 PWN2Own competition, earning him a $15,000 reward. By accepting the prize money he effectively sold the vulnerability rights and consequently could not provide a in-depth look at the vulnerability that he exploited in Firefox. This is not the case with Guido Landi’s XSLT vulnerability, which has been published online. No known exploit is currently available in the wild.
You are very well advised to update your Firefox browser next week, when the update becomes available – we will make sure to keep you informed, so check back for updates. As always, there will be two ways for you to get Firefox 3.0.8:
1. Download the software and install it on your machine.
2. If you have Firefox 3.0 installed on your machine, click Help -> Check for Updates. The update will be rolled out automatically, but if you check for it you might get it a bit earlier.
UPDATE: Firefox 3.0.8 has been released - details here .
Tags: Mozilla, Firefox
I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 28 May 2012
Mozilla introduced a new program meant to educate millions of people, the Mozilla Webmaker program.
By George Norman on 26 May 2012
Piriform updated its products, making CCleaner less annoying and Defraggler a lot faster.Related News
By George Norman on 23 Apr 2012
Even though the Mozilla Foundation has not officially released the final version of Firefox 12 to the masses, Firefox v. 12.0 final is already out there and available for download
By George Norman on 02 Feb 2012
Version 10.0 of the very popular Firefox web browser has been released to the web. This new version comes with a
By George Norman on 27 Jan 2012
We all start the year with resolutions, such as “this year I’m going to more carefully watch what I eat”, or “this year I will try to be less stressed”. Most times we discard these resolutions just as easily as 
By George Norman on 03 Feb 2012
As a passionate supporter of Mozilla and a long-time Firefox user, I am more than familiar with Personas. But it seems that Personas are confusing for new Firefox usersAdvertising
Hot Software Updates
Top Downloads
2.
Opera5.
Trillian8.
AIM9.
Skype10.
Ad-Aware12.
Nero13.
Google Earth14.
Picasa15.
Winamp16.
iTunes17.
RealPlayer18.
uTorrent19.
eMule20.
WinRAR21.
BitComet22.
WinZip23.
Shareaza24.
CCleaner25.
Recuva26.
Tweak UI27.
CuteFTP Home29.
Adobe Reader30.
NewsPiperBecome A Fan!
Link To Us!
Firefox 3.0.8 Security Update to Fix Hackable Security Flaw
HTML Linking Code
HTML Linking Code