Mozilla Patches Security Flaws Associated with Firefox and Thunderbird 

by iClass - Thursday, March 03, 2011
Recently, Mozilla released patch for 10 vulnerabilities. The addressed vulnerabilities pertain to Firefox 3.6.14, 3.5.17 and Thunderbird 3.1.8. The developer has rated 8 out of the 10 vulnerabilities as critical. Out of the remaining two, Mozilla has rated one as high and the other as moderate risk security flaw.

The vulnerabilities are associated with JPEG image, plugins and 307 redirects, text run construction, web workers, JavaScript atom map, JavaScript upvarMap and JSON.stringify. The security update also addresses numerous memory safety bugs associated with Firefox 3.6 and 3.5, which cause memory corruption. Attackers could exploit the bug to run arbitrary code. Security professionals at Mozilla also patched a security flaw caused by ParanoidFragmentSink. Usually, ParanoidFragmentSink class is used to clean unsafe HTML. However, it was identified that the class allows javascript URLs in chrome documents. The flaw could be exploited by a malicious extension code. The security update included a patch for a security flaw, which could allow an attacker to use a specially crafted JPEG image to store a malicious code in the memory and get it executed on a targeted computer system. Firefox and Thunderbird users must update their browsers to protect their computer system from security breaches.

The vulnerabilities were reported by security researchers affiliated to various organizations. Mozilla rates those vulnerabilities as critical, which may be exploited by attackers to execute code and install malicious software in computer systems of users performing normal browsing. The developer ranks those vulnerabilities as high, which track websites visited by a user to either steal information or to inject malicious code on the visited websites. The vibrant threats from cybercriminals could be tackled by proactive identification and timely communication of security flaws. Online degree and training programs may help security experts in improving their soft skills.

Security professionals at Mozilla have addressed the security flaws a week before the Pwn2Own contest, which would be organized as a part of the upcoming CanSecWest security conference. Ethical hackers, computer science degree holders, penetration testers and other IT security professionals are expected to exploit flaws associated with different web browsers such as Mozilla firefox, Google Chrome and Microsoft Internet Explorer along with other software applications during the contest. Developers and sponsors have announced cash prize and other bounties for experts, who manage to breach the security of the products.

Organizations require large number of cyber security experts to deal with the sophisticated challenges from attackers. Introduction of online university degree programs may encourage prospective science and engineering students to undertake research in cyber security and contribute in developing new secure technologies.

Contact Press

Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.


0    submitted by iClass -
Read More Press Releases

Koincable Introduces Four Customizable HDMI Cables

SKS Ispat& Power Ltd commissions first 300-MW power unit of their 1,200-MW RaigarhPower Plant

How a Bodybuilding Diet Can Help Build Muscle Naturally

Low Carb Diet Report Casts Light On New Research Findings

Increase in the number of student visa is trending nowadays

Wiwigo Technologies: First of its kind selfie campaign takes place in moving Delhi-Chandigarh Shatabdi

An important day in real estate sector

Leonard Kim to Appear on Critical Mass Radio Show

Nishan Kohli's recent exhibition on photography

CIMR-PU Esteemed Globally—SAARC DESIMGOW Moderator at NPA Venerated for High Contour-profiles.

Get press releases by email