1. Latest News
  2. Submit Press Release
  1. PR Home
  2. Latest News
  3. Feeds
  4. Alerts
  5. Submit Free Press Release
  6. Journalist Account
  7. PRNewswire Distribution

Mozilla Mitigates 8 Critical, 1 High Risk and 1 Moderate Risk Vulnerabilities

Recently, Mozilla released patch for 10 vulnerabilities associated with Firefox and Thunderbird.

 
PRLog - Mar. 3, 2011 - ALBUQUERQUE, N.M. -- Recently, Mozilla released patch for 10 vulnerabilities. The addressed vulnerabilities pertain to Firefox 3.6.14, 3.5.17 and Thunderbird 3.1.8. The developer has rated 8 out of the 10 vulnerabilities as critical. Out of the remaining two, Mozilla has rated one as high and the other as moderate risk security flaw.

The vulnerabilities are associated with JPEG image, plugins and 307 redirects, text run construction, web workers, JavaScript atom map, JavaScript upvarMap and JSON.stringify.  The security update also addresses numerous memory safety bugs associated with Firefox 3.6 and 3.5, which cause memory corruption. Attackers could exploit the bug to run arbitrary code. Security professionals at Mozilla also patched a security flaw caused by ParanoidFragmentSink. Usually, ParanoidFragmentSink class is used to clean unsafe HTML. However, it was identified that the class allows javascript URLs in chrome documents. The flaw could be exploited by a malicious extension code. The security update included a patch for a security flaw, which could allow an attacker to use a specially crafted JPEG image to store a malicious code in the memory and get it executed on a targeted computer system.  Firefox and Thunderbird users must update their browsers to protect their computer system from security breaches.

The vulnerabilities were reported by security researchers affiliated to various organizations. Mozilla rates those vulnerabilities as critical, which may be exploited by attackers to execute code and install malicious software in computer systems of users performing normal browsing.  The developer ranks those vulnerabilities as high, which track websites visited by a user to either steal information or to inject malicious code on the visited websites. The vibrant threats from cybercriminals could be tackled by proactive identification and timely communication of security flaws. Online degree and training programs may help security experts in improving their soft skills.    

Security professionals at Mozilla have addressed the security flaws a week before the Pwn2Own contest, which would be organized as a part of the upcoming CanSecWest security conference. Ethical hackers, computer science degree holders, penetration testers and other IT security professionals are expected to exploit flaws associated with different web browsers such as Mozilla firefox, Google Chrome and Microsoft Internet Explorer along with other software applications during the contest. Developers and sponsors have announced cash prize and other bounties for experts, who manage to breach the security of the products.

Organizations require large number of cyber security experts to deal with the sophisticated challenges from attackers. Introduction of online university degree programs may encourage prospective science and engineering students to undertake research in cyber security and contribute in developing new secure technologies.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).

--- End ---

Click to Share

Contact Email:
***@eccouncil.org Email Verified
Source:EC-Council
Phone:505-341-3228
City/Town:Albuquerque - New Mexico - United States
Industry:Internet security, Security
Tags:mozilla, Firefox, thunderbird, vulnerabilities, bugs, online degree, online university degree, computer science
Shortcut:prlog.org/11347691
Disclaimer:   Issuers of the press releases are solely responsible for the content of their press releases. PRLog can't be held liable for the content posted by others.   Report Abuse

Latest Press Releases By “

More...

Trending News...



  1. SiteMap
  2. Privacy Policy
  3. Terms of Service
  4. Copyright Notice
  5. About
  6. Advertise
Like PRLog?
9K2K1K
Click to Share