News

Reviews

Research

NEW ON CHANNELWEB

Coming Up: Women of the Channel Winter Workshop

Annual Report Cards

State of Tech: Security

Fast Growth 100

Tech Books Online

Subscribe to CRN

FEATURED VIDEO

Sponsored By:

SLIDE SHOWS

Pass That PCI Audit: 20 Hot Compliance Products

As if they needed more stress, organizations are facing evolving and increasingly stringent compliance regulations from the Payment Card Industry, as well as Sarbanes-Oxley, HIPAA and others. Here are a few security compliance products that can make the audit process less excruciating.

D&H: 10 Fresh Products For SMBs

Here are 10 of the distributor's hottest new offerings winning over solution providers.

Hot New Handsets For The Holidays

New smartphones from Sony, Motorola and the first-ever Twitter-only mobile device -- the TwitterPeek -- headline a busy week for handset makers as the holiday shopping season heats up.

INSIDE CHANNELWEB

Emerging Vendors Blog

Emerging Vendors Report

Fast Growth 100

Demand Generation Services

Partner Programs Guide

Vendor Content Community

Vendor Stimulus Directory

Women of the Channel

White Paper Library

Mozilla Working On Fix For Firefox Flaw

By Sharon Gaudin, ChannelWeb

3:25 PM EST Thu. Feb. 22, 2007

Mozilla said it is still working on the next security update for Firefox and will release it as soon as work is completed on a fix for a flaw that lets hackers tamper with how Web sites are displayed.

The security update for the open-source browser originally was slated to be released on Feb. 21 but was pushed back in order to accommodate a fix for this new flaw " the location.hostname vulnerability -- and other security and stability issues.

Michal Zalewski, a Polish security researcher, was the first to disclose the vulnerability last week on his mailing list, Full Disclosure. He explains that the flaw is in the most recent version of the Firefox browser -- 2.0.0.1 -- but adds that it affects other recent versions, as well.

The vulnerability allows malicious Web sites to manipulate authentication cookies for third-party sites.

"The impact is quite severe: Malicious sites can manipulate authentication cookies for third-party webpages, and, by the virtue of bypassing same-origin policy, can possibly tamper with the way these sites are displayed or how they work," Zalewski writes.

Mike Schroepfer, vice president of engineering for Mozilla, says the new security update will be out "soon."

"We have not heard of any reported exploits of these vulnerabilities, however, we are working to address the issue as quickly as possible to minimize the security risk to Firefox users," he wrote in an email response to InformationWeek questions. "Mozilla takes security vulnerabilities very seriously. Our contributors have been working through the weekend to address this issue as quickly as possible."

Zalewski offers an online determination of whether your machine is at risk.

Share: Digg Del.icio.us Facebook LinkedIn Twitter
More Security | Email this article | Print this article | Reprints

FEATURED PROMOTIONS

Avnet 0% Lease Promotion
The Avnet Capital Solutions “0% Lease Promotion” has been extended to December 31, 2009! This offering significantly reduces ...