It’s been a while since Firefox has been in the news, but this is a fairly high profile case involving the Nobel Peace Prize website. It seems there is a race condition vulnerability in the latest versions of Firefox (including 3.6.11) that allows remote exploitation. In this case it was used via an iFrame on […]
There’s been a number of bounty programs in the past year or so with Mozilla being one of the forerunners with their Mozilla Security Bug Bounty Program. There are others like Google offering rewards for bugs in Chrome, and other specific high profile bounties like when Microsoft Offered $250K Bounty for Conficker Author. Mozilla on […]
Seems like Pwn2Own is getting a reputation for uncovering some pretty nasty browser based vulnerabilities, once again this year Firefox, Safari and IE8 were all broken wide open. The latest development is Mozilla has beaten both Microsoft and Apple to the punch and released Firefox 3.6.3 patching the vulnerability. Again it was a critical vulnerability […]
Ah a bug in our beloved Firefox, after the latest 3.5 update (which sees some definite improvements). The last one I recall was the Clickjacking Vulnerability, which also effected Chrome. It seems like it’s not too serious of an issue and will only cause crashing, there’s no room for remote exploitation or code execution. So […]
Just remember that even though Firefox tends to be more secure than Internet Exploder – it’s not immune from vulnerabilities (although they do tend to get fixed much much faster). The latest one that’s cropped up in both Firefox and Chrome is a clickjacking vulnerability. This is basically where a link is replaced by an […]
It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla. It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?). It’s rated as low risk, but it can give away the existence […]
