How to Check for Outdated Plugins in Firefox

Mozilla started the plugin check program to help users keep their plugins up to date on Firefox. Outdated plugins are a major source of security and stability risk for web users.


Firefox 3.6.7 fixes critical issues in 3.6.6

Mozilla has shipped a mega patch for Firefox to fix a total of 14 moderate to critical security flaws that expose Web surfers to attacks by hackers.

Impact key:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.

Below is a list of bugs fixed in the latest release:

  • Cross-origin data leakage from script filename in error messages
  • Cross-domain data theft using CSS
  • Multiple location bar spoofing vulnerabilities
  • Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
  • Same-origin bypass using canvas context
  • Cross-origin data disclosure via Web Workers and importScripts
  • Remote code execution using malformed PNG image
  • nsTreeSelection dangling pointer remote code execution vulnerability
  • nsCSSValue::Array index integer overflow
  • Arbitrary code execution using SJOW and fast native function
  • Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
  • Use-after-free error in NodeIterator
  • DOM attribute cloning remote code execution vulnerability
  • Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)