Web Browser Security

Mozilla fixes "critical" bugs in new release of Firefox

Thirteen security vulnerabilities were fixed this week when Mozilla released Firefox 13.

Mozilla releases patches for "critical" vulnerabilities in Firefox 11

Mozilla released patches for 12 vulnerabilities in Firefox 11, the newest version of its web browser.

Microsoft issues patch plans, includes Internet Explorer fix

Tuesday's monthly patch batch from Microsoft will be relatively light, with the software giant planning nine fixes -- four rated "critical" -- to address 21 vulnerabilities.

Microsoft to begin silently updating IE in 2012

Borrowing a page from other web browser manufacturers, Microsoft soon will automatically upgrade Windows customers to the latest version of IE.

Chrome 16 includes 15 vulnerability fixes

Google on Tuesday released Chrome 16, which includes fixes for 15 security vulnerabilities.

Microsoft's October update to fix 23 flaws

The Patch Tuesday bulletins, of which two are rated "critical" and six deemed "important," are due Oct. 11 at about 2 p.m. EST.

Mozilla releases Firefox 7.0.1 to fix add-on issue

Mozilla released an update for its Firefox browser to address what it called a "rare" bug that caused add-ons to be hidden for some users after upgrading to version 7.

One of two responsible for AT&T iPad breach pleads guilty

A San Francisco man who was charged with exploiting a flaw on the AT&T website to obtain personal information about Apple iPad subscribers has pleaded guilty, prosecutors said Thursday.

Mozilla releases Firefox 5, ends support for version 4

The latest version of Mozilla's Firefox web browser, version 5, was released on Tuesday with fixes for a number of vulnerabilities that could allow an attacker to crash a victim's browser, run arbitrary code on their computer, steal data or perform cross-site scripting attacks. Mozilla also fixed several security vulnerabilities in Firefox 3.6 this week, but ended support for Firefox 4, which was released just three months ago and received its only update, Firefox 4.0.1, in April. Users of Firefox 4 are being advised to upgrade to Firefox 5.

Google Chrome update closes Flash zero-day

Google on Tuesday updated Chrome to close a zero-day flaw in the web browser's version of Adobe Flash Player, ahead of rival browsers Internet Explorer, Firefox, Safari and Opera - and even ahead of Adobe itself. Chrome 10.0.648.134 contains an updated build of Flash Player, which Google received for integration and testing as part of a collaboration with Adobe, an Adobe spokeswoman told SCMagazineUS.com on Thursday. Meanwhile, Adobe on Monday warned that attackers currently are exploiting the flaw through malicious Microsoft Excel files. The software maker is finalizing a fix and plans to patch Flash for Windows, Mac OS X and Linux next week.

IE9 with do-not-track option released

The latest version of Internet Explorer, version 9, was released Tuesday with a much-discussed tool that allows users to opt out of having their web surfing monitored. In December, the Federal Trade Commission suggested browser manufacturers adopt such a capability as a means of safeguarding consumers' online habits. Microsoft's do-not-track feature, by default, alerts websites that the user's data is not to be tracked. While Mozilla announced it too would soon offer such an option in its Firefox browser, Apple and Google have not yet publicly announced plans. - GM

eHarmony advice site hacked to expose user information

eHarmony has confirmed that a hacker recently gained access to a file containing user information, weeks after another popular dating site was compromised.

Dating site PlentyOfFish hacked to expose passwords

The credentials of nearly 30 million online daters are at risk following the exploit of a common website vulnerability. The exact circumstances of the incident remain in question.

Google, Mozilla announce new 'do not track' features

Google, maker of the Chrome web browser, on Monday made a feature available that allows users to permanently opt out of online behavioral advertising tracking cookies.

Microsoft upset over Google researcher's tool release

A potentially exploitable zero-day vulnerability in Internet Explorer, detailed by a Google researcher who created a fuzzing tool to find browser flaws, is under investigation by Microsoft.

Firefox 3.6.13 issued to fix 13 flaws, 11 "critical"

Mozilla on Thursday issued an updated Firefox web browser to fix 13 vulnerabilities.

Firefox zero day being exploited in the wild

Cybercriminals are exploiting a "critical" zero-day flaw in Mozilla's Firefox web browser to distribute malware, security firms are warning.

Mozilla releases Firefox 3.6.11 to address 12 flaws

Mozilla on Tuesday released an updated version of its Firefox web browser to shore up a dozen vulnerabilities.

Google releases Chrome 6

Google on Thursday acknowledged the two-year anniversary of its Chrome browser with a new stable channel version that addresses more than a dozen security vulnerabilities. The flaws may allow an attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or conduct spoofing attacks, according to an advisory posted by the US-CERT on Friday. Google, which provides monetary rewards for the disclosure of security bugs, paid out $4,337 in bounties for the vulnerabilities. The Chrome 6.0.472.53 stable channel update is available for Windows, Mac and Linux users. — AM

Google fixes 11 flaws in Chrome

Google late last week fixed 11 security flaws in its Chrome web browser that could allow an attacker to execute arbitrary code, cause a denial-of-service, or conduct spoofing attacks, according to an advisory from the US-CERT. Google, which provides monetary rewards for the disclosure of security bugs, paid more than $10,000 to various researchers for the flaws. The Google Chrome 5.0.375.127 stable channel update is available for Windows, Mac and Linux users. — AM

Opera 10.61 addresses high severity flaw

Opera Software on Thursday released Opera 10.61 to address a heap buffer overflow vulnerability that could be used to execute arbitrary code, the company said in an advisory. The flaw, classified as "high" in severity, affects the browser's HTML5 canvas, which allows developers to draw graphics using JavaScript. Due to the flaw, performing some painting operations on a canvas in Opera may result in heap buffer overflows. The update, available for Windows, Mac and Unix, also fixes two lower severity flaws involving news feeds and tabs. — AM

Why malware wins the host race

A noted security researcher explains how sophisticated malware is created to elevate privileges on behalf of an attacker so security controls, such as anti-virus, can be disabled.

Newly issued Safari 5 closes dozens of holes

Apple on Monday issued Safari 5 and Safari 4.1 to close dozens of security vulnerabilities, some of which could allow an attacker to install malicious code on an affected system.

Opera issues update to address major flaw

Opera Software has released an update for its web browser to address a vulnerability that has been classified as "extremely severe," according to the company's security advisory. Opera 10.53 corrects the flaw, which affects the browser for both Windows and Mac, and could allow an attacker to cause an application crash and execute arbitrary code, according to a separate advisory posted by the US-CERT. Users have been advised to update immediately. — AM

Firefox issues 3.5.8 to address security issues

Mozilla this week updated two versions of its Firefox web browser to fix several security issues that could allow an attacker to execute arbitrary code or bypass security restrictions, according to the company's security advisories. Firefox versions 3.0.18 and 3.5.8 remediate three flaws that were rated "critical" and two rated "moderate" by Mozilla. The newest version of the browser, Firefox 3.6, is not affected. — AM

New attack against IE could expose all PC files

An attacker could leverage design flaws in Internet Explorer to read every file on a user's computer, according to researchers at Core Security Technologies.

Mozilla issues Firefox updates, no security fixes

Mozilla on Tuesday released an update to its Firefox web browser, pushing out versions 3.5.7 and 3.0.17. The updates do not contain any security fixes, though the update fixed a "common stability issue," according to the release notes. Users can download the latest Firefox version here. — DK

Microsoft affirms vulnerability affecting Internet Explorer

Microsoft engineers are prepping a fix for a zero-day Internet Explorer version 6 and 7 flaw, while users are encouraged to apply workarounds as they await a patch.

Web technologies account for 78 percent of all bugs

Of all vulnerabilities in web technologies discovered in the first half of 2009, 90 percent were present in web applications.

Browser cookie handling could widen web attack space

Contrary to conventional wisdom, due to the way browsers handle cookies, an attack on a company's subdomain can net an attacker free rein over the principal production domain.
