Mozilla Patches 8 Critical, 1 High Risk and 1 Moderate Risk Vulnerabilities

Recently, Mozilla released patch for 10 vulnerabilities associated with Firefox and Thunderbird.
Bookmark and Share
Albuquerque, NM ( March 3, 2011 - Albuquerque, NM, March 3, 2011 - Recently, Mozilla released patch for 10 vulnerabilities. The addressed vulnerabilities pertain to Firefox 3.6.14, 3.5.17 and Thunderbird 3.1.8. The developer has rated 8 out of the 10 vulnerabilities as critical. Out of the remaining two, Mozilla has rated one as high and the other as moderate risk security flaw.

The vulnerabilities are associated with JPEG image, plugins and 307 redirects, text run construction, web workers, JavaScript atom map, JavaScript upvarMap and JSON.stringify. The security update also addresses numerous memory safety bugs associated with Firefox 3.6 and 3.5, which cause memory corruption. Attackers could exploit the bug to run arbitrary code. Security professionals at Mozilla also patched a security flaw caused by ParanoidFragmentSink. Usually, ParanoidFragmentSink class is used to clean unsafe HTML. However, it was identified that the class allows javascript URLs in chrome documents. The flaw could be exploited by a malicious extension code. The security update included a patch for a security flaw, which could allow an attacker to use a specially crafted JPEG image to store a malicious code in the memory and get it executed on a targeted computer system. Firefox and Thunderbird users must update their browsers to protect their computer system from security breaches.

The vulnerabilities were reported by security researchers affiliated to various organizations. Mozilla rates those vulnerabilities as critical, which may be exploited by attackers to execute code and install malicious software in computer systems of users performing normal browsing. The developer ranks those vulnerabilities as high, which track websites visited by a user to either steal information or to inject malicious code on the visited websites. The vibrant threats from cybercriminals could be tackled by proactive identification and timely communication of security flaws. Online degree and training programs may help security experts in improving their soft skills.

Security professionals at Mozilla have addressed the security flaws a week before the Pwn2Own contest, which would be organized as a part of the upcoming CanSecWest security conference. Ethical hackers, computer science degree holders, penetration testers and other IT security professionals are expected to exploit flaws associated with different web browsers such as Mozilla firefox, Google Chrome and Microsoft Internet Explorer along with other software applications during the contest. Developers and sponsors have announced cash prize and other bounties for experts, who manage to breach the security of the products.

Organizations require large number of cyber security experts to deal with the sophisticated challenges from attackers. Introduction of online university degree programs may encourage prospective science and engineering students to undertake research in cyber security and contribute in developing new secure technologies.

Contact Press

Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.


Tag Words: bugs, vulnerabilities, thunderbird, firefox, mozilla, computer science, online university degree, online degree
Categories: Security

Link To This Press Release:

Create Press Release
Press Release Options
About This Press Release
If you have any questions about this press release, please contact the listed publisher. Please do not contact prHWY as we cannot help you with your inquiry.