Both Google and Mozilla Firefox has fixed several bugs this week. Many of them have been tagged as Critical, so quickly updating the browsers are highly recommended! In this update Mozilla has plugged 11 security holes out of which 4 are tagged Critical and Google has fixed 2 vulnerabilities on Chrome. Please read on below to know more about Updating process and Security fixes.
Updating Process:
By default your Browser should update itself automatically. If it still has not updated then please follow the process below to Update…
1. Update Mozilla Firefox to 3.0.11:
Simply Click on Help > Check for Updates as shown on the image above and Firefox will automatically Update itself.
TIP: If you want to make your Firefox look the same as of the image then see this post to know how to make your FF layout Transparent under Vista or Windows 7.
2. Update Google Chrome to 2.0172.31:
Click on the Setting Icon > About Google Chrome and it will automatically check for updates and will install it.
Bug Fixes and Critical Vulnerabilities plugged:
Mozilla Firefox: According to Mozilla Foundation they have fixed the following loop holes and vulnerabilities
- JavaScript chrome privilege escation [Critical]
- Arbitrary code execution using event listeners [Critical]
- Race condition while accessing the private data of a NPObjects JS wrapper class object [Critical]
- Crashes with evidence of memory corruption [Critical]
- SSL tampering via non-200 responses to proxy CONNECT request [High]
- Incorrect principal set for file: resources loaded via location bar [Moderate]
- Arbitrary domain cookie access by local file: resources [Moderate]
- XUL scripts bypass content-policy checks [Low]
- URL spoofing with invalid Unicode characters [Low]
So we can see 3 of the critical bugs are due to JavaScript which can execute arbitrary codes and cause memory corruption and other vulnerabilities. So updating is highly recommended.
Google Chrome: According to Google the following critical issues have been fixed…
- CVE-2009-1690 Memory corruption: A memory corruption issue exists in WebKit’s handling of recursion in certain DOM event handlers. Visiting a maliciously crafted website may lead to a tab crash or arbitrary code execution in the Google Chrome sandbox. This update addresses the issue through improved memory management [Critical as an attacker might be able to run arbitrary code within the Google Chrome sandbox.]
- CVE-2009-1718 Drag and drop information leak: An issue exists in WebKit’s handling of drag events. This may lead to the disclosure of sensitive information when content is dragged over a maliciously crafted web page. This update addresses the issue through improved handling of drag events [Moderate attacker might be able to read data belonging to another web site, if a user can be convinced to select and drag data on an attacker-controlled site]
So update to the latest version of both these Browsers as soon as possible. If you face any trouble or have any queries then feel free to ask us!
