Mozilla patches Firefox to prep for Pwn2Own
By: Gregg Keizer | On: 03 Mar 2011 | For: ComputerWorld (US)
The open source browser maker is following Google, quashing 11 bugs, including a CSRF flaw that worried Adobe. The updates were the first for Firefox since December.
Mozilla Corp. on Tuesday fixed 11 security flaws in Firefox, following in rival Google's footsteps in patching its browser before a hacking contest kicks off next week.
Nine of the 11 flaws were rated "critical," a threat rating that implies hackers could use the vulnerabilities to compromise a computer or infect it with malware. Of the two remaining bugs, one was labeled "high" and the second was tagged as "moderate."
The updates, which brought the open-source browser to versions 3.6.14 and 3.5.17, were the first since December, a longer-than-usual span between Mozilla patch shipments. Part of the reason was that Tuesday's updates were delayed. They had been slated to show in mid-February, but Mozilla held them to investigate a non-security bug that caused some users' browsers to crash.
The patches in Tuesday's updates addressed three JavaScript flaws, two bugs in Firefox's browser engine, a JPEG rendering vulnerability that could be exploited by serving a malicious image to users, and a cross-site request forgery (CSRF) bug.
An Adobe security researcher reported the CSRF vulnerability, which was the issue rated high, Mozilla said in its patch notes. According to information posted on a security mailing list last month, the CSRF bug can be exploited in several browsers -- Firefox, Apple's Safari and Google's Chrome -- using a malformed Flash file.
Previously, Mozilla developers had reported that Adobe was pressing them to issue a patch for the CSRF bug.
Tuesday's security update reached users eight days before Pwn2Own, the annual hacking contest held at the CanSecWest security conference in Vancouver, British Columbia. Pwn2Own begins March 9, when security researchers will compete for $65,000 in prizes by trying to take down the most up-to-date production editions of Firefox, Chrome, Safari and Microsoft's Internet Explorer.
Google patched 19 bugs in Chrome on Monday, making Firefox the second of the four targeted browsers to get a last-minute security polish before the challenge.
Last year, Google and Apple updated their browsers just days before Pwn2Own, but Mozilla did not. Instead, Mozilla acknowledged a critical vulnerability in Firefox less than a week before 2010's contest, but said it wouldn't fix the flaw until after its conclusion. Pwn2Own organizers then ruled that hackers would not be allowed to use the vulnerability to exploit Firefox.
Firefox 3.6.14, the version that will be attacked at Pwn2Own, will soon be displaced by Firefox 4, which entered its final beta Monday. Mozilla is moving toward a "release candidate" build, and unless unexpected problems pop up, will probably ship the browser this month.
Users can update to Firefox 3.6.14 by downloading the new edition or by selecting "Check for Updates" from the Help menu in the browser. Firefox 3.5 users can obtain version 3.5.17 with the update tool.
Gregg Keizer is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.