Web browser and related software. Five of the eight flaws received a "critical" label, meaning that an attacker could exploit them to break into machines running vulnerable versions of the software.
Patches are available for both the 1.5.x and 2.x versions of Firefox, each of which should automatically alert you when the updates are ready for installation. Users also can install updates by clicking on "Help" then "Check for Updates." Some of the same updates also are available Mozilla's Thunderbird e-mail client, and its Seamonkey Internet suite.
Mozilla did not address one particular flaw that has received quite a bit of press over the past month: A bug in Firefox's password manager that could be exploited to gain access to a victim's stored user names and passwords.
Dan Veditz, a member of Mozilla's security team, said the team members thought they had a fix for the password manager flaw ready a week ago Friday, but later learned that it really didn't solve the problem. He said Mozilla currently plans to ship a fix for the problem in January.
No comments:
Post a Comment