Technology news and Jobs 
Information Technology News Firefox 2.0.0.10 patches high-impact security flaws
Information Technology News Firefox 2.0.0.10 patches high-impact security flaws | Firefox 2.0.0.10 patches high-impact security flaws |
|
|
|
| Written by Stephen Withers | |
| Wednesday, 28 November 2007 | |
|
Firefox 2.0.0.10 restricts the jar: URI scheme to files delivered with a MIME type of application/java-archive or application/x-jar to avoid trusting non-Java content that could be used in cross-site scripting attacks. The flaw had been exploited to steal Gmail contact lists. Another specific issue corrected by the update blocks a way of carrying out cross-site request forgery attack on sites by generating a fake HTTP Referrer header. Also patched are three bugs that had been shown to cause memory corruption in some circumstances and that could potentially be exploited to execute arbitrary code. No other changes were made to the application. The update is being pushed out to Firefox users, or the new version can be downloaded from Mozilla.com.
Get stories like this delivered daily - FREE - subscribe now When you subscribe get a 12 months license for LiveProject Valued at $99 USD  Download the FREE iTWire desktop alert widget
  |
Tags
| < Prev | Next > |
|---|
Subscribe to iTWire's daily e-newsletter now and get a FREE 12 month license to project management software valued at $99 USD. 
