Recently, for the older versions of Mozilla's Firefox browser, released five security updates. At the same time also a security company Secunia has warned users that the latest version of Firefox 3.6 may exist in a high risk security vulnerabilities.
In January of this year, Mozilla, said the company had threatened to no longer be the old version of the Firefox 3.0 browser to provide technical support, but this week 3, Mozilla's Firefox browser, or for the 3.5.8, and 3.0.18 and other versions of the old shall browser update released several patches, and said that the loopholes in the old version of the January 21 release of the latest version of Firefox 3.6 browser has been amended.
This update key for the five older browser security vulnerabilities, of which three holes have been Mozilla's marked as "critical" level. Vulnerabilities caused by these three main reasons: 1, the browser handles the process of memory error; 2, Gecko web rendering engine instability problems; three deal specifically with the Webworker part of the script file can not be normal processing of information have been posted.
Mozilla said that more than three holes can be used to intrusion by malicious software, the user's system. While the remaining two holes is slightly lower hazard level, may allow an attacker to execute malicious JavaScript code.
The version for Firefox 3.5.8 and 3.0.18 security updates apply to Windows, MacOSX, and Linux three kinds of operating systems, users can upgrade the browser built-in feature to install these security updates.
In addition, Secunia security company this week, four reported that they found a Firefox 3.6 version of a new security vulnerabilities, Mozilla is currently yet to be issued in respect of amendments to patch security vulnerabilities, Secunia warned that this vulnerability could allow an attacker to the user system implementation of the malicious code.
According to Secunia, the current installed VulnDiscoPack of Immunity's Canvas plug-in vulnerability testing software can detect this vulnerability, but VulnDiscoPack development company Intevydis no details of the vulnerability publicly, Secunia will mark the vulnerability as "high risk" level .
No comments:
Post a Comment