Web Hosting Blog

Mozilla has released an updated version of Firefox browser. This new release covers 11 vulnerabilities that exposed users to code execution information stealing or denial of service attacks.

4 out of 11 vulnerabilities were considered critical.

The 4 critical vulnerabilities are as follows :

1. MFSA 2008 53 XSS and JavaScript privilege escalation via session restore. The feature available with the Firefox browser of session restore has a flaw of violating the same origin policy and run JavaScript in another site. This vulnerability could also be used by an attacker to run arbitrary JavaScript with chrome privileges.
2. MFSA 2008 55 Crash and remote code execution in nsFrame Manager. This vulnerability was a part of Mozilla’s DOM code which could be exploited by modifying properties of a file input element before it finishes initiating. An uninitialized memory is accessed by the browser which resulted in crash. The crash might be used by an attacker to run arbitrary code on the victim computer.
3. MFSA 2008 52 crash with evidence of memory corruption. The developers of Mozilla identified and fixed many stability bugs in the browser engine used by Firefox and other Mozilla products. Some showed evidence of memory corruptions under certain circumstances
4. MFSA 2008 54 buffer overflow in http index format parser. In this flaw Mozilla parsed the http index format MIME type. By sending a specially crafted 200 header line in the http index response an attacker can cause the browser to crash and also run arbitrary code in the victims computer.

All these critical 4 faults have been fixed along with the rest not so critical flaws.

Mozilla would soon release a Private Browsing version of Firefox, also called as the Porn Mode.

Private browsing Mode does not keep any traces of the web activities on the computer. Private browsing should not be misunderstood as being anonymous over the web or from the ISP’s (Internet service providers) neither does it keep users protected spyware or malware. What Firefox does is, it clears the data of users online activity.

Apple’s Safari, Google’s Chrome and Microsoft’s Internet Explorer 8 Beta version 2 already have the Private Browsing Mode also know as the Porn Mode.

This update will be available publicly on Firefox 3.1 Beta 2, which is soon to be released. Users can download the current developer built version from Mozilla Developer Page.

Firefox has introduced its next generation fastest browser “Minefield” is probably the fastest javascript engine. With this browser the future seems to be really fast for Firefox.

Web masters say that Minefield is almost 10% faster than Google Chrome. Though this is a pre-release and is an alpha version of Firefox.

To test the browser Click here to download. This is a completely separate browser so you need not worry, it will not upgrade your current Mozilla browser.

This new superfast browser is built to suite Mac OS X, Linux and Windows.

So why waiting, click the link above, download, install and experience the browser yourself.

Flash Player products are prone to clickjacking attacks due to a security defect as addressed by Adobe Systems.

Flash Player 10 was re-introduced into the market on Wednesday which has a fix for the flaw which was reported by Adobe systems.

Due to the susceptibility to clickjacking attacks, Adobe Flash Player 9.0.124.0 and the other previous products has security defect that needs to be fixed as Flash Products alongwith various browsers like Internet explorer, Firefox, Opera and Safari are prone to the attacks.

The new update can also prevent clickjacking attacks on users web cameras and microphones. The update contains four more security fixes which has improvement against clipboard attacks and a fix for port- scanning attacks.

What is Clickjacking?

Clickjacking is an exploit in which malicious coding is hidden beneath apparently legitimate buttons or other clickable content on a website. In technical terms it is also known as user-interface (UI) redressing and IFRAME overlay. The host website or a particular web page may be a genuine site which has been hacked. The attacker fools the user to visit a site via online links or e-mails.

There is an estimated 2,00,000 nasty programs in existence today. And the majority of them are aimed at sabotaging Windows PC`s.

Such programs can reach the machine through e-mail, instant messenger, internet connection or the web browser if the user visits an incorrect website. Windows users feel under attack as the threats are abundant and emerge very fast.

Users need to take some simple steps to avoid the problem as day-by-day attacks on the users are becoming more and more sophisticated.

Companies such as Trend Micro, Kaspersky and Microsoft offer free computer scanning free computer scanning services for the users who want to scan their machines via web.

Organisations such as the Computer Emergency Response Team (CERT) which provides assistance on Setting up a safe net connection.

Here are some basic steps which will help the users stay safe online.

ANTIVIRUS

Every PC must have an Anti-Virus software it is the first thing that any user should have on their computer system. It must be updated on a regular basis.

Good anti-virus use programs use heuristic techniques to spot viruses which have not been identified but have all the signs of a virus.

Nowadays many personal computers come with anti-virus already installed but may be user needs to buy an annual package. It is always better to get annual subscription than letting your bank account details being hacked and emptied.

FIREWALL

A firewall too is one of the most important security software for PC users. New versions of Windows XP have an in-built firewall. Though I feel that its features are limited but enough protected.

Comodo and Zone Alarm firms have free firewalls available.

Using a Hub or a Router can be useful to connect to the web. It can block some of the lower intensity attacks.

SPYWARE

A simple browsing of web too can expose you to all kind of danger.

An Anti-Spyware software will help clean up your PC incase you get hit. There are add-ons available for the browsers which can warn you of potentially harmful sites. McAfee`s Site Advisor is among them. Google too warns about a potentially unsafe web-site.

Security experts recommend the use of web browsers such as Mozilla Firefox or Opera instead of the traditional ones.

UPDATE

With Windows user, one needs to keep the updating the software.

Never open an attachment in a mail that you haven’t expected.

Never reply to spam mails. Stay extra careful about a mail that asks your financial details no matter if it confirms your address. Learn to spot phishing e-mails.

SUMMARY

Use anti-spyware and anti-virus programs.

Anti-virus and spyware programs should be updated atleast one a week.

Install a firewall and don’t forget to check it is switched On.

Updates to the operating system should be assured to have Installed.

Monitoring of your system is very essential.

Family members who use the web should be educated about the threats.

Just follow these simple steps and sit back and enjoy your work with the PC.

Mozilla releases a technology that helps websites detect the Physical location of computers using Firefox browser.

This new technology will help users find locations such as Re-fueling stations, restaurants, Hospitals etc. when traveled to new towns.

This new project is named as “Geode”. It uses a W3C geolocation technology of version 3.1 Firefox. It is still an experimental project, but if implemented successfully, it will be of great use to users.

Skyhook is the firm that has made this new technology. It figures out a computer’s location from a nearby wireless network. It is called a Loki system which determines with an accuracy of 10 to 20 metres within few seconds of the hit of the button.

Mozilla claims that Geode will have a range of different applications.

Mozilla is still working on Geode specifics, and are not sure if one or two or more selectable service providers would provide the information such as GPS-based, WiFi based or manual entries.

Users can use this release with beta releases of Firefox 3.1 and alpha releases of Fennec.

Any person having a WiFi laptop can use this technology for the time being. With Mozilla Geode, when a website would request your location a notification bar will ask about the information you want to furnish to that site. You can even deny giving any information, so Mozilla seems to have kept the privacy factor intact.

The current service provider is Skyhook, so for sometime both locations and IP information will be sent to them.

Users can download Geode from the below given URL :

https://people.mozilla.com/%7Edolske/dist/geode/geode-latest.xpi