Trade Resources Industry Views Mozilla Released Fix for Latest Version of Firefox Browser a Day After It Was Withdrawn

Mozilla Released Fix for Latest Version of Firefox Browser a Day After It Was Withdrawn

Mozilla has released a fix for the latest version of its Firefox browser a day after it was withdrawn due to a security flaw.

The non-profit organisation said the vulnerability in Firefox 16 could allow a malicious website to capture web history,enabling hackers to see what websites people had visited.

Mozilla Fixes Security Flaw in Latest Firefox

Mozilla announced in a blog post that an update for Firefox for Windows,Mac,Linux and Android has been released.

The updated Firefox 16.0.1 is available through automatic updates and new downloads through the Mozilla download site.

Version 16 was withdrawn within a day of release.Mozilla said a limited number of users had been affected,but there was no evidence the vulnerability had been exploited by hackers.

However,Tal Be'ery,web researcher at security firm Imperva,said a proof-of-concept exploit for the vulnerability exists.

The flaw in Firefox 16 meant the browser was leaking a URL's data across domains by not restricting javascript's"location"method,he said.

In theory,a user would browse to a malicious exploit site,the attacker would open a new window in Twitter from the attacker site,anyone signed into Twitter would be redirected to a URL that contains a personal twitter ID,and this would enable the attacker to query the new window on the URL and obtain the victim's personal Twitter ID.

On previous versions of Firefox,this attack would fail,but a regression in Firefox 16 allowed it to work.

 

Source: http://www.computerweekly.com/news/2240165457/Mozilla-fixes-security-flaw-in-latest-Firefox
Contribute Copyright Policy
Mozilla Fixes Security Flaw in Latest Firefox