News - Security Subscribe to News - Security
July 17, 2008 1:29 PM PDT

Mozilla updates Firefox with three security patches

Posted by Robert Vamosi

On Thursday, Mozilla pushed out a new security update for its new Firefox browser. Version 3.0.1 for Windows and Mac addresses vulnerabilities in malformed GIF files on Mac OS X, command-line URLs that could launch multiple tabs when Firefox is not running, and a potential remote code execution by overflowing CSS reference counter.

Meanwhile, Mozilla updated the earlier version of Firefox with 2.0.16 on Tuesday. The update addresses two of the Firefox 3 critical issues--command-line URLs and overflowing CSS reference counter.

Version-specific updates have been pushed out automatically to existing Firefox users.

Mozilla will continue to update Firefox 2 until mid-December.

Topics:

Vulnerabilities & attacks,

News

Tags:

security,

Firefox,

Mozilla,

CSS,

Mac OS X,

remote code execution

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from News - Security
Brazilian charged in U.S. in connection with operating botnet
Psychological profiling on the Web
Security expert: DNS attacks are happening
Malicious Flash ads attack, spread via clipboard
Hacker exposes alleged Olympics age fraud
Add a Comment (Log in or register) 28 comments (Page 1 of 3)
by Lerianis July 17, 2008 2:07 PM PDT
Well, at least Mozilla is very fast about getting the updates out there when they need to get them out there! Personally, I knew that Mozilla was not going to be able to make a total vulnerability free browser..... but they have done a pretty good job of improving Firefox, even over the 2 version.
Reply to this comment View all 2 replies
by amarkj July 17, 2008 2:18 PM PDT
Funny how people are so forgiving with Firefox...
Reply to this comment
by waltermera182 July 17, 2008 2:54 PM PDT
cest la vie
Reply to this comment
by birdpiercefan3334 July 17, 2008 4:54 PM PDT
Well, I updated it, and Tab Mix Plus isn't compatible with the new Mozilla Firefox (3.0.1). I had to go to the main web page and download the development Add-On. Other than that, it worked fine for me. That was a quick update, Mozilla, good job!
Reply to this comment
by ElDudde July 17, 2008 6:21 PM PDT
Wow, can you believe the amazingly superior FireFox could have a need to patch their superior web browser. Geez, that's like Apple being unable to activate their incredibly amazing IPhone. They must have some Microsoft engineers working for them.
Reply to this comment View reply
by emtgregg July 17, 2008 8:39 PM PDT
Geez, Apple not being able to activate what IPhones? You can't even get them now until Mid August. That's a huge issue with millions of people who want to get it.

Let's see a service update for something the customer already has and can use without the update verses not even being able to get a phone and having to take home a non-working phone just to get it activated, if you can get it activated.

I'll take my free browser that I am using right now any day over a phone that I can't even put my hands on if I wanted to buy one.
Reply to this comment
by The_Decider July 17, 2008 9:47 PM PDT
Take every patch from all FF versions and it is still a fraction of the security fixes for IE7 alone.

At least FF isn't getting exploited everyday like IE.

[CNET editors' note: personal attack deleted].

Leria, You "knew" the FF3 wouldn't be perfect? How brilliant of you!
Reply to this comment View reply
by The_Decider July 17, 2008 9:49 PM PDT
"Funny how people are so forgiving with Firefox..."

So forgiving?

Of what? That FF fixed the issue fast enough that it wasn't exploited?

If MS could do that we might be more forgiving of its thousands of flaws and exploits running around for it.
Reply to this comment
by bscr72 July 18, 2008 9:33 AM PDT
Here we go again: Mozilla's patches are seen as saviors, while MS patches are seen as' too late' and aatching a crappy product. Mr. Vamosi, please attend journalism school and take a class in fair, unbiased reporting....it lacks in you articles. We know your biased, but just like the world is not waiting for my opinion, its not waiting for yours either.

FireFox is just as buggy and can't get it right either..they still need to release security ptaches..so are you really safer with FireFox? Maybe a little, but the facts speak for themselves.

And yes, I will be slammed for this....but facts are facts..even if they are easily overlooked.
Reply to this comment View reply
by firefoxluva95 July 18, 2008 10:42 AM PDT
Buggy? Define buggy as I haven't experienced any bugs. Security flaws are not really considered bugs, they are flaws. They are discovered by hackers who have the only goal of breaking into/compromising your system.

Security patches? Well obviously there needs to be security patches. You don't think hackers are gonna just sit there and keep trying to exploit the same security flaws No, what hackers do is attempt to find new ways to exploit things. They aren't stupid, they adapt with the patches. Nobody is safe when they are connected to other computers (the internet). There isn't 100% safe, there is safer. Think about it, Microsoft keeps with their patch Tuesday schedule. What if there's a security problem exploited on Wednesday the week before? Now think about Mozilla, oh there's a problem, let's fix it and push this build out ASAP. Also Firefox has been shown to be the most updated browser simply because of the easy way of updating using the partial update method. I still don't like downloading a full exe each time to update Opera and I certainly don't want to wait for Windows Update to update my IE. Obviously the must frequently updated and patched browser will be the safer one. The browser evolves with the dangerous environment on the internet much more quickly.
Reply to this comment View reply
1 | 2 | 3 | Next 10 Comments >>
Powered by Jive Software
advertisement

  • About News - Security

  • Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader
Google
Yahoo
MSN

News - Security topics

Most popular stories

  1. Google's search secret: It gets rid of you

  2. Developer creates copy-paste tech for iPhone

  3. Will Wright on the origins of 'Spore'

  4. Palm Treo Pro: Not digging it

  5. American Airlines launches in-flight Wi-Fi

Latest tech news headlines

All News.com headlines »

Featured blogs

Beyond Binary by Ina Fried

Coop's Corner by Charles Cooper

Defense in Depth by Robert Vamosi

Geek Gestalt by Daniel Terdiman

Green Tech

One More Thing by Tom Krazit

Outside the Lines by Dan Farber

The Iconoclast by Declan McCullagh

The Social by Caroline McCarthy

Underexposed by Stephen Shankland

Resource center from News.com sponsors
Same great protection. Reengineered for speed.
Norton Internet Security™2008

Click Here!
Norton still delivers award-winning protection and now uses 83% less memory and scans 48% faster than the competitor average. Get a FREE trial today!

Click Here!
Norton Beats the Competition

See how Norton Internet Security™2008 uses less memory, while scanning and booting faster than the competitor average.

Norton Protection Blog

Read the latest from our security experts as they help protect people from evolving online threats.

Protect Your Bluetooth Connection

Don't let fraudsters sink their teeth into your Bluetooth connection.

Vishing - What you need to know

Meet the latest ID theft scam: Voice Phishing.

Take Norton for a Test Drive Today!

Act now to get your FREE trial of Norton Internet Security 2008.

advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On GameFAQs: The top 10 holy grails of gaming
Advanced
search
Advanced
search
Visit other CBS Interactive sites