Member Sign In
Not a member?

A Wired.com user account lets you create, edit and comment on Webmonkey articles. You will also be able to contribute to the Wired How-To Wiki and comment on news stories at Wired.com.


It's fast and free.

Sign in with OpenID
Sign In
Webmonkey is a property of Wired Digital.
processing...
Join Webmonkey
Please send me occasional e-mail updates about new features and special offers from Wired/Webmonkey.
Yes No
Please send occasional e-mail offers from Wired/Webmonkey affiliated web sites and publications, and carefully selected companies.
Yes No
I understand and agree that registration on or use of this site constitutes agreement to Webmonkey's User Agreement and Privacy Policy.
Webmonkey is a property of Wired Digital.
processing...

Retrieve Sign In

Please enter your e-mail address or username below. Your username and password will be sent to the e-mail address you provided us.

or
Webmonkey is a property of Wired Digital.
processing...

Welcome to Webmonkey

A private profile page has been created for you.
As a member of Webmonkey, you can now:
  • edit articles
  • add to the code library
  • design and write a tutorial
  • comment on any Webmonkey article
Close
Webmonkey is a property of Wired Digital.

Sign In Information Sent

An e-mail has been sent to the e-mail address registered in this account.
If you cannot find it in your in-box, please check your bulk or junk folders.
Sign In
Webmonkey is a property of Wired Digital.

Firefox Update Fixes Security Flaws

By Scott Gilbertson November 27, 2007 Categories: Software & Tools, Web Basics

firefoxlogo.jpgMozilla has rolled out an incremental upgrade for Firefox 2 that fixes three security vulnerabilities, all of which are rated as “high.”

Firefox 2.0.0.10 patches a highly publicized jar protocol flaw that allows cross site scripting attacks. The fix changes the way the Firefox handles the loading of jar: protocol URIs. The security advisory reads:

URI scheme has been restricted to files served with a Content-Type header of application/java-archive or application/x-jar. Web applications that require signed pages must make sure their .jar archives are served with this Content-Type. Sites that allow users to upload binary files should make sure they do not allow these files to have one of these two MIME types.

Another vulnerability addressed also involves a cross site scripting vulnerability, fixing a an error in the way Firefox handles JavaScript initiated window contents changes.

The upgrades are recommended for all Firefox users and can be found via the “check for updates” menu item in Firefox, or downloaded directly from the Mozilla site.

See Also:

Tags: browsers
Post Comment Comments Permalink Print
Reddit Digg
 
Subscribe now

Special Offer For Webmonkey Users

WIRED magazine:
The first word on how technology is changing our world.

Subscribe for just $10 a year