Mozilla & Opera Join the Update Trend
It appears as if Internet Explorer isn’t the only browser that’s been hit by bugs and security flaws lately. Mozilla and Opera have also released patches and updates for their respective browsers.
In addition to updates for its popular Firefox browser, Mozilla recently released updates to its Thunderbird e-mail client and its SeaMonkey application suite. All of these updates are designed to address highly critical security flaws that could expose users' sensitive information. The vulnerabilities apply to earlier versions of Firefox 3, as well as in versions of Firefox 2.
One of the most serious vulnerabilities that was repaired could enable attackers to inject malicious URLs into the session restore feature of Firefox. This flaw could be used to launch a cross-site scripting attack, which is often used by hackers to seal financial data and other personal information.
Mozilla addressed the security issues in three separate advisories: The first advisory from Mozilla alluded to critical security flaws in Firefox, Thunderbird, and SeaMonkey that could occur from memory corruption and result in the ability for malicious attackers to launch arbitrary code from a user’s computer. Another set of critical vulnerabilities in all three applications could redirect users from a legitimate website to a malicious one. The third advisory noted that all three applications could allow the launch of arbitrary JavaScript within a different website.
Firefox users are encouraged to update to version 3.0.5 of Firefox. By upgrading to 3.0.5, you’ll also get fixes for several stability issues, additional language support, fixes for some accessibility problems, a stronger Firefox crash reporter tool, and more. The latest version of Thunderbird is 2.0.0.19, while SeaMonkey version 1.1.14 is the newest version.
Opera Software also released an update for its browser to fix various web security issues. Version 9.63 addresses holes in the browser that would allow a hacker to access a user’s computer, perform cross-site scripting, and denial of service attacks. The updated browser also restricts embedded SVG images from executing Java or plug-in content.
According to Opera, vulnerabilities included an HTML parsing flaw along with an issue that could “reveal random data” which will be explained later in better detail.