Mozilla

The Mozilla foundation just released the popular web browser Firefox in version 3.6.9. The new version fixes overall 14 security vulnerabilities of which 10 are rated critical by the developers. Additionally, they added a new feature called “X-FRAME-OPTIONS“-header which shall help mitigating clickjacking attacks as web site owners can ensure with this header that their content isn’t inserted into other sites via frames. The update is available through the automatic update mechanism ( via the “Help” – “Search for updates” menu). ...

Like a lot of seedy stuff, this started with a Twitter post:. The current working version of Mozilla’s Firefox browser is 3.6.8. Version 4 is in beta testing. You get them FREE from Mozilla.. Why would you need a crack (program with its password broken) or a keygen (application that generates a password for a password-protected program) for something that is FREE? Well, there’s a sucker born every minute and the folks at this warez (pirated software) site are betting there are a lot of them using Twitter. ...

With competition in the Web browser field having transitioned from cold to boiling in less than a year’s time, Mozilla suddenly finds itself playing catch-up against not only Apple and Google, but Microsoft as well. In March, the organization realized it needed to completely make over Firefox 4 if it wanted to remain feature competitive against a fast-rising Google Chrome. In a live presentation yesterday, Mozilla Firefox director Mike Beltzner admitted that his group’s March roadmap, which involved an interim release of Firefox 3.7, had too many steps. Now the group has decided to straighten out its path by grafting version 3.7’s main additions onto a point release Firefox 3.6.4, and shifting gears to focus on version 4.0. ...

Evgeny Legerov, founder of Intevydis in Moscow, has created an exploit that hits a previously unknown heap-corruption vulnerability in the Firefox browser. The code isn’t readily available though, since he’s put it in a module to the automated exploitation system he sells (reportedly at a considerable price.) Legerov has not provided information on the vulnerability to Mozilla. The Intevydis site says: “Exploitation frameworks are not new on the market, but only we may offer you hundreds of CANVAS modules for unpatched and unknown vulnerabilities in highly popular software products.” ...

Mozilla yesterday posted a notice on its AMO blog (that’s an acronym for their add-on site addons.mozilla.org) that two add-ons have been found infected with Trojan code: Sothink Web Video Downloader v. 4.0 and all versions of Master Filer. Version 4.0 of Sothink Web Video Downloader contained Win32.LdPinch.gen and Master Filer contained Win32.Bifrose. According to the blog, Masterfiler was downloaded 600 times before it was removed from the site Jan. 25 and Sothink was downloaded more than 4,000 times before it was removed Feb. 2. ...