internet.com
You are in the: Small Business Computing Channelarrow
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |Refer-It

WinPlanet Software Downloads and Reviews for Small Businesses
Search
Power Search | Tips
-
Navigate WinPlanet
WinPlanet Home Page

Software
Download Index
In-Depth Reviews
Tips & Tutorials
Updates
News

Software Categories
Browsers
Chat / Conferencing
Desktop Utilities
Development
Internet Apps
Multimedia
OS Service Packs
Productivity Tools

Software Glossary

WinPlanet Newsletter

internet.commerce
Partners & Affiliates

Small Business Computing
Small Business Computing
Ecommerce Guide
Webopedia
WinPlanet

WinPlanet / News

Download of the day
Internet Explorer 8

Most Popular Software Downloads
Mozilla Firefox 3.0
Ad-Aware 2008 Free
Internet Explorer 7
QuickTime for Windows
Paint Shop Pro
Mozilla Firefox Portable Edition 3
AVG Anti-Virus Free
Windows XP Service Pack 3
Ashampoo WinOptimizer
Adobe Flash Player
Windows Live Suite

Most Popular Software Articles
Windows Vista Tips & Tricks, Part 1
Windows Vista: Worthy of the Hype?
Windows Wireless Zero Configuration: Five Steps to Sanity


Software Reviews

Firefox 1.5.0.5 Fixes JavaScript Flaws
No Fewer Than Seven Critical Flaws Patched in Browser Update
Sean Michael Kerner

JavaScript (define) is the source of great power within the Mozilla Firefox browser. Unfortunately it may well also be the trigger for many of its flaws.

Today's release of Mozilla Firefox 1.5.0.5 is the latest official edition of the open source browser and patches no fewer than seven critical flaws, with some form of JavaScript issue being at the heart of most of them.

Mozilla Foundation Security Advisory 2006-44, entitled "Code execution through deleted frame reference," outlines one such highly critical JavaScript-related flaw.

In certain circumstances, according to the advisory, a JavaScript reference to a frame or window is not properly cleared when the referenced content went away.

The pointer to the deleted object could potentially be used to execute arbitrary code.

Security Advisory 2006-45, entitled " Javascript navigator Object Vulnerability," is another critical JavaScript-related flaw, which, if exploited, could allow an attacker to run arbitrary code.

Security Advisory 2006-50 addresses JavaScript engine vulnerabilities.

Called "JavaScript engine vulnerabilities," the fix covers up additional places where an untimely garbage collection could delete a temporary object that was in active use. Some of these may allow an attacker to run arbitrary code given the right conditions.

At least one of the JavaScript-related flaws reported as part of the Firefox 1.5.0.5 release has its discovery credited to security researcher H.D Moore.

The critical Mozilla Foundation Security Advisory 2006-48, titled "JavaScript new Function race condition," addresses a vulnerability that could potentially result in arbitrary code execution.

Moore is the co-author of the Metasploit Framework and is publishing one browser flaw a day every day in July as part of his Month of Browser Bugs effort.

Even some of the security advisories that don't have the term "JavaScript" in the title appear to be related to JavaScript in some way.

The critical Mozilla Foundation Security Advisory 2006-46, titled "Memory corruption with simultaneous events," is a case in point.

Though that particular advisory does not explicitly mention JavaScript in its description of the flaw, JavaScript is part of the solution for the flaw. The workaround, according to the Mozilla advisory, suggests that users Disable JavaScript until they can upgrade to a fixed version.

The 1.5.0.5 release is the fifth Firefox point release from Mozilla this year.

It released the Firefox 1.5.0.4 update at the beginning of June and corrected five critical vulnerabilities.

Mozilla's next-generation Mozilla Firefox 2.0 release is now in Beta 1, and is expected to go to full release in September.

News courtesy of internetnews.com

July 27, 2006

Download Mozilla Firefox v1.5.0.5 Now!Download

Download Mozilla Firefox v2.0 Beta Now!Download

View All Web Browsers

Contents:
1. No Fewer Than Seven Critical Flaws Patched in Browser Update

Additional Articles:

  • Mozilla's Newest FireFox Takes Flight
  • Browser Wars v.2004: Part 1
  • Browser Wars v.2004: Part 2
  • Mozilla Firefox's Volunteer Launch Brigade
  • Rise of the Underdog Browser
  • Firefox Makes It Official
  • Add-ons Extend Firefox Growth
  • Getting the Most Out of Firefox
  • Firefox Thankful for Strong November
  • Firefox, Others at Phishing Risk
  • Browser Wars: Who's Winning, Who's Losing
  • Firefox Torches Competition for Enterprise Linux Award
  • Mozilla Updates Firefox
  • New Firefox Vulnerability Pushes Latest Update
  • Firefox Update Patches Three in Time
  • JavaScript Flaw Hits Mozilla Users
  • Firefox Popularity Spurs Mozilla Traffic Surge
  • Beware the Browser Backlash
  • Another Flaw Found in Mozilla
  • Google Extends Firefox
  • New Firefox Fixes Holes
  • Firefox Advocate Site Hit by Hackers
  • Mozilla Goes for More Green
  • IBM Donates Code to Firefox
  • Firefox Losing Its Grip?
  • Mozilla Under Fire
  • Mozilla FireFox DoS Exploit Code Released
  • Firefox: Nearly a Year Old And Now 100M Strong
  • Happy Birthday, Firefox 1.0
  • Firefox Upgrade Near
  • Firefox at Critical Mass?
  • New Firefox Kills Bugs
  • A Word-Wise Firefox Extension
  • Mozilla Plugs Firefox Bugs
  • FireFox Fixes by the Dozen
  • Goooaaal! Google, Mozilla Kick In Soccer Fix
  • Firefox 2.0: Mozilla's Tabs Overfloweth
  • Firefox Is Doing So Well It's Now a Malware Target
  • Firefox 2.0 Beta Tweaking Its Look
  • The Firefox, IE Race to The Finish
  • Firefox Hits Seventh Heaven
  • Firefox 2.0 Release Candidate Goes Live Today
  • Double Deuce as Firefox 2.0 Nears Completion
  • Mozilla Fine-Tunes for Final Release of Firefox 2
  • Firefox 2.0 Released: 'Bon Echo' Lives!
  • Firefox 3.0 Already?
  • Path to Firefox 2.0 Is Cleared
  • Our Phishing Filter Is Better Than Yours!
  • Phishers Lurk for Firefox 2.0 Password Manager
  • Mozilla Fixes Firefox Flaws, Misses One
  • Mozilla Rakes In $53M
  • Mozilla Patches Some Firefox Holes
  • Mozilla Security: More Than Meets the 'Aye'
  • One Flaw and a First for Latest Firefox Update
  • Firefox 1.5 Gets Its Last Update
  • Firefox at Risk Because of Internet Explorer?
  • Firefox Fixes IE Flaws
  • Mozilla Firefox Still at Risk
  • Will Mozilla's Fuzzer Break the Web?
  • Mozilla Updates Firefox Ahead of Black Hat
  • Flaw Still Shadows Firefox
  • Firefox Gets BitTorrent
  • Firefox Gets QuickTime Fix
  • Mozilla Separating Browser from the App
  • Firefox Fixes Cross-Site Flaws
  • Firefox Breaks Web Canvas
  • Warning on Spoofed Login Windows in Firefox
  • Mozilla Update Quashes Slew of Firefox Flaws
  • Firefox Update Tackles Pair of Critical Bugs
    		•




    JupiterOnlineMedia

    internet.comearthweb.comDevx.commediabistro.comGraphics.com

    Search:

    Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

    Jupitermedia Corporate Info


    Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

    Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
    Solutions
    Whitepapers and eBooks
    IBM eBook: Planning a Service Oriented Architecture
    IBM eBook: Choosing the Right Architecture--What It Means for You and Your Business
    Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
    Avaya Article: Using Intelligent Presence to Create Smarter Business Applications
    Intel Go Parallel Article: Getting Started with TBB on Windows
    Microsoft Article: 7.0, Microsoft's Lucky Version?
    Avaya Article: How to Feed Data into the Avaya Event Processor
    		IBM Article: Developing a Software Policy for Your Organization
    Microsoft Article: Managing Virtual Machines with Microsoft System Center
    Intel Go Parallel Article: Intel Threading Tools and OpenMP
    HP eBook: Storage Networking , Part 1
    Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
    MORE WHITEPAPERS, EBOOKS, AND ARTICLES
    Webcasts
    HP Video: StorageWorks EVA4400 and Oracle
    HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
    		 Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
    MORE WEBCASTS, PODCASTS, AND VIDEOS
    Downloads and eKits
    Red Gate Download: SQL Toolbelt and free High-Performance SQL Code eBook
    Iron Speed Designer Application Generator
    		 MORE DOWNLOADS, EKITS, AND FREE TRIALS
    Tutorials and Demos
    Silverlight 2 App and Walkthrough: Leverage Silverlight 2 with SQL Server and XML
    IBM Article: Enterprise Search--Do You Know What's Out There?
    HP Demo: StorageWorks EVA4400
    		 Microsoft Article: The Progress and Promise of Deep Zoom
    Microsoft How-to Article: Get Going with Silverlight and Windows Live
    MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES