internet.com
You are in the: Small Business Computing Channelarrow
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |Refer-It

WinPlanet Software Downloads and Reviews for Small Businesses
Search
Power Search | Tips
-
Navigate WinPlanet
WinPlanet Home Page

Software
Download Index
In-Depth Reviews
Tips & Tutorials
Updates
News

Software Categories
Browsers
Chat / Conferencing
Desktop Utilities
Development
Internet Apps
Multimedia
OS Service Packs
Productivity Tools

Software Glossary

WinPlanet Newsletter

internet.commerce
Partners & Affiliates

Small Business Computing
Small Business Computing
Ecommerce Guide
Webopedia
WinPlanet

WinPlanet / News

Download of the day
Norton AntiVirus 2008

Most Popular Software Downloads
Ad-Aware 2008 Free
Windows XP Service Pack 3
Internet Explorer 7
QuickTime for Windows
Adobe Flash Player
AVG Anti-Virus Free
Paint Shop Pro
Windows Live Suite
CCleaner (Crap Cleaner)
Winamp

Most Popular Software Articles
Windows Vista Tips & Tricks, Part 1
Windows Vista: Worthy of the Hype?
Windows Wireless Zero Configuration: Five Steps to Sanity


Software Reviews

Firefox 1.5.0.5 Fixes JavaScript Flaws
No Fewer Than Seven Critical Flaws Patched in Browser Update
Sean Michael Kerner

JavaScript (define) is the source of great power within the Mozilla Firefox browser. Unfortunately it may well also be the trigger for many of its flaws.

Today's release of Mozilla Firefox 1.5.0.5 is the latest official edition of the open source browser and patches no fewer than seven critical flaws, with some form of JavaScript issue being at the heart of most of them.

Mozilla Foundation Security Advisory 2006-44, entitled "Code execution through deleted frame reference," outlines one such highly critical JavaScript-related flaw.

In certain circumstances, according to the advisory, a JavaScript reference to a frame or window is not properly cleared when the referenced content went away.

The pointer to the deleted object could potentially be used to execute arbitrary code.

Security Advisory 2006-45, entitled " Javascript navigator Object Vulnerability," is another critical JavaScript-related flaw, which, if exploited, could allow an attacker to run arbitrary code.

Security Advisory 2006-50 addresses JavaScript engine vulnerabilities.

Called "JavaScript engine vulnerabilities," the fix covers up additional places where an untimely garbage collection could delete a temporary object that was in active use. Some of these may allow an attacker to run arbitrary code given the right conditions.

At least one of the JavaScript-related flaws reported as part of the Firefox 1.5.0.5 release has its discovery credited to security researcher H.D Moore.

The critical Mozilla Foundation Security Advisory 2006-48, titled "JavaScript new Function race condition," addresses a vulnerability that could potentially result in arbitrary code execution.

Moore is the co-author of the Metasploit Framework and is publishing one browser flaw a day every day in July as part of his Month of Browser Bugs effort.

Even some of the security advisories that don't have the term "JavaScript" in the title appear to be related to JavaScript in some way.

The critical Mozilla Foundation Security Advisory 2006-46, titled "Memory corruption with simultaneous events," is a case in point.

Though that particular advisory does not explicitly mention JavaScript in its description of the flaw, JavaScript is part of the solution for the flaw. The workaround, according to the Mozilla advisory, suggests that users Disable JavaScript until they can upgrade to a fixed version.

The 1.5.0.5 release is the fifth Firefox point release from Mozilla this year.

It released the Firefox 1.5.0.4 update at the beginning of June and corrected five critical vulnerabilities.

Mozilla's next-generation Mozilla Firefox 2.0 release is now in Beta 1, and is expected to go to full release in September.

News courtesy of internetnews.com

July 27, 2006

Download Mozilla Firefox v1.5.0.5 Now!Download

Download Mozilla Firefox v2.0 Beta Now!Download

View All Web Browsers

Contents:
1. No Fewer Than Seven Critical Flaws Patched in Browser Update

Additional Articles:

  • Mozilla's Newest FireFox Takes Flight
  • Browser Wars v.2004: Part 1
  • Browser Wars v.2004: Part 2
  • Mozilla Firefox's Volunteer Launch Brigade
  • Rise of the Underdog Browser
  • Firefox Makes It Official
  • Add-ons Extend Firefox Growth
  • Getting the Most Out of Firefox
  • Firefox Thankful for Strong November
  • Firefox, Others at Phishing Risk
  • Browser Wars: Who's Winning, Who's Losing
  • Firefox Torches Competition for Enterprise Linux Award
  • Mozilla Updates Firefox
  • New Firefox Vulnerability Pushes Latest Update
  • Firefox Update Patches Three in Time
  • JavaScript Flaw Hits Mozilla Users
  • Firefox Popularity Spurs Mozilla Traffic Surge
  • Beware the Browser Backlash
  • Another Flaw Found in Mozilla
  • Google Extends Firefox
  • New Firefox Fixes Holes
  • Firefox Advocate Site Hit by Hackers
  • Mozilla Goes for More Green
  • IBM Donates Code to Firefox
  • Firefox Losing Its Grip?
  • Mozilla Under Fire
  • Mozilla FireFox DoS Exploit Code Released
  • Firefox: Nearly a Year Old And Now 100M Strong
  • Happy Birthday, Firefox 1.0
  • Firefox Upgrade Near
  • Firefox at Critical Mass?
  • New Firefox Kills Bugs
  • A Word-Wise Firefox Extension
  • Mozilla Plugs Firefox Bugs
  • FireFox Fixes by the Dozen
  • Goooaaal! Google, Mozilla Kick In Soccer Fix
  • Firefox 2.0: Mozilla's Tabs Overfloweth
  • Firefox Is Doing So Well It's Now a Malware Target
  • Firefox 2.0 Beta Tweaking Its Look
  • The Firefox, IE Race to The Finish
  • Firefox Hits Seventh Heaven
  • Firefox 2.0 Release Candidate Goes Live Today
  • Double Deuce as Firefox 2.0 Nears Completion
  • Mozilla Fine-Tunes for Final Release of Firefox 2
  • Firefox 2.0 Released: 'Bon Echo' Lives!
  • Firefox 3.0 Already?
  • Path to Firefox 2.0 Is Cleared
  • Our Phishing Filter Is Better Than Yours!
  • Phishers Lurk for Firefox 2.0 Password Manager
  • Mozilla Fixes Firefox Flaws, Misses One
  • Mozilla Rakes In $53M
  • Mozilla Patches Some Firefox Holes
  • Mozilla Security: More Than Meets the 'Aye'
  • One Flaw and a First for Latest Firefox Update
  • Firefox 1.5 Gets Its Last Update
  • Firefox at Risk Because of Internet Explorer?
  • Firefox Fixes IE Flaws
  • Mozilla Firefox Still at Risk
  • Will Mozilla's Fuzzer Break the Web?
  • Mozilla Updates Firefox Ahead of Black Hat
  • Flaw Still Shadows Firefox
  • Firefox Gets BitTorrent
  • Firefox Gets QuickTime Fix
  • Mozilla Separating Browser from the App
  • Firefox Fixes Cross-Site Flaws
  • Firefox Breaks Web Canvas
  • Warning on Spoofed Login Windows in Firefox
  • Mozilla Update Quashes Slew of Firefox Flaws
  • Firefox Update Tackles Pair of Critical Bugs
    		•




    JupiterOnlineMedia

    internet.comearthweb.comDevx.commediabistro.comGraphics.com

    Search:

    Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

    Jupitermedia Corporate Info


    Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

    Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
    Solutions
    Whitepapers and eBooks
    Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
    Microsoft Article: 7.0, Microsoft's Lucky Version?
    Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
    Avaya Article: How to Feed Data into the Avaya Event Processor
    Microsoft Article: Install What You Need with Windows Server 2008
    HP eBook: Putting the Green into IT
    Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
    Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
    		Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
    Avaya Article: Setting Up a SIP A/S Development Environment
    IBM Article: How Cool Is Your Data Center?
    Microsoft Article: Managing Virtual Machines with Microsoft System Center
    HP eBook: Storage Networking , Part 1
    Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
    MORE WHITEPAPERS, EBOOKS, AND ARTICLES
    Webcasts
    Intel Video: Are Multi-core Processors Here to Stay?
    On-Demand Webcast: Five Virtualization Trends to Watch
    HP Video: Page Cost Calculator
    Intel Video: APIs for Parallel Programming
    		HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
    Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
    MORE WEBCASTS, PODCASTS, AND VIDEOS
    Downloads and eKits
    Sun Download: Solaris 8 Migration Assistant
    Sybase Download: SQL Anywhere Developer Edition
    Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
    		 Red Gate Download: SQL Compare Pro 6
    Iron Speed Designer Application Generator
    MORE DOWNLOADS, EKITS, AND FREE TRIALS
    Tutorials and Demos
    How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
    eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
    IBM Article: Collaborating in the High-Performance Workplace
    HP Demo: StorageWorks EVA4400
    		 Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
    Microsoft How-to Article: Get Going with Silverlight and Windows Live
    MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES