Mozilla released fixes for two critical security vulnerabilities Friday, which covered the way for hackers to begin malicious attacks that could crash a browser or take complete control of a user's computer.
The latest Firefox version 3.0.8, which initially was slated for release April 1, addresses critical errors affecting multiple versions of the Firefox 3 Web browser.
One of the critical Firefox updates repaired a critical flaw, made public during the renowned pwn2own contest at the CanSecWest 2009 hacker conference earlier in March that could allow hackers to launch a drive-by attack in the context of the browser.
The flaw was publicly demonstrated by a German hacker known only as Nils, 25, who successfully hacked the browser in exchange for a Sony Vaio machine running Windows 7.
The second critical bug, affecting Firefox version 3.0.7, stems from a XSLT vulnerability that resulted from improper handling of errors when transforming an XML document. The flaw, which was first brought to light by security researcher Guido Landi, could potentially be exploited by attackers who enticed unsuspecting users to open a malicious file using the affected Firefox browser. Once the victim viewed an infected file, attackers could then execute arbitrary code on the user's computer to crash the browser or initiate a denial of service attack.
While the execution of arbitrary code hasn't been proven in the XSLT flaw, it is also not entirely ruled out, Secunia researchers said in blog post.
Mozilla said in its advisory Thursday that it had been investigating both issues and was in the process of undergoing quality assurance testing for the impending fixes, implying that they would be forthcoming soon.
Security experts recommended that users update their browsers with the latest version of Firefox in order to protect vulnerable systems from attack. Additionally, Secunia researchers advised in a blog post that users avoid opening untrusted Web sites or clicking on unsolicited links, which might contain malware.
Some Related Search:
Browser Support Services
Firefox will not start after installing or updating McAfee SiteAdvisor
Outlook Live for IE, Firefox and Safari
Tuesday, March 31, 2009
Friday, March 20, 2009
How to Check the browser's cache settings.
Using the recommended settings can improve browser performance by instructing the browser to display stored pages, rather than download fresh pages from the server, when revisiting a site.This post provide some browser support tips for check browser's cache setting in Internet Explorer and Netscape browser.
Recommended cache settings
1. Set your browser to refresh Web pages automatically when necessary. Do not specify that the browser refresh a page each time you view it.
2. Allocate adequate disk space for the browser cache. 10 MB is recommended. Do not specify zero space for the cache, and avoid allowing it to be larger than 50 MB.
3. Do not configure Internet Explorer to clear the cache each time you exit the browser (Supported Netscape browsers have no equivalent setting).
4. Retain the browser's History (log of recently visited sites) for 4 days.
5. Before changing settings. • Before changing cache/history settings, write down your current settings so that you can restore them if the new settings cause problems.
6. If you experience problems with Connexion browser or with other web-based applications when using the recommended cache settings, see 6. Resolve caching problems.
Internet Explorer
1. On the Tools menu click Internet Options.
2. On the General tab, under Temporary Internet Files, click Settings.
3. In the Settings dialog box, under Check for newer versions of stored pages, click Automatically.
4. Under Amount of disk space to use, type 10 in the text box.
5. Then click OK to close the Settings dialog box.
6. On the General tab, under History, for Days to keep pages in history, type 4 in the text box.
7. On the Advanced tab, under Security (the last group of items in the list), clear (uncheck) the check box labeled Empty Temporary Internet Files folder when browser is closed.
8. Click OK to close the Internet Options dialog box.
Netscape
1. On the Edit menu click Preferences.
2. In the left pane of the Preferences dialog box, under Navigator, click History.
3. In the right pane (the History panel), under Browsing history, for Remember visited pages for the last __ days, type 4 in the text box.
4. In the left pane of the Preferences dialog box, under Advanced, click Cache.
5. In the right pane (the Cache panel), under Set Cache Options, change the number in the text box to 10. Make sure this number is not 0.
6. Under Compare the page in the cache to the page on the network, select When the page is out of date.
7. Then click OK to apply the changes and close the dialog box.
Recommended cache settings
1. Set your browser to refresh Web pages automatically when necessary. Do not specify that the browser refresh a page each time you view it.
2. Allocate adequate disk space for the browser cache. 10 MB is recommended. Do not specify zero space for the cache, and avoid allowing it to be larger than 50 MB.
3. Do not configure Internet Explorer to clear the cache each time you exit the browser (Supported Netscape browsers have no equivalent setting).
4. Retain the browser's History (log of recently visited sites) for 4 days.
5. Before changing settings. • Before changing cache/history settings, write down your current settings so that you can restore them if the new settings cause problems.
6. If you experience problems with Connexion browser or with other web-based applications when using the recommended cache settings, see 6. Resolve caching problems.
Internet Explorer
1. On the Tools menu click Internet Options.
2. On the General tab, under Temporary Internet Files, click Settings.
3. In the Settings dialog box, under Check for newer versions of stored pages, click Automatically.
4. Under Amount of disk space to use, type 10 in the text box.
5. Then click OK to close the Settings dialog box.
6. On the General tab, under History, for Days to keep pages in history, type 4 in the text box.
7. On the Advanced tab, under Security (the last group of items in the list), clear (uncheck) the check box labeled Empty Temporary Internet Files folder when browser is closed.
8. Click OK to close the Internet Options dialog box.
Netscape
1. On the Edit menu click Preferences.
2. In the left pane of the Preferences dialog box, under Navigator, click History.
3. In the right pane (the History panel), under Browsing history, for Remember visited pages for the last __ days, type 4 in the text box.
4. In the left pane of the Preferences dialog box, under Advanced, click Cache.
5. In the right pane (the Cache panel), under Set Cache Options, change the number in the text box to 10. Make sure this number is not 0.
6. Under Compare the page in the cache to the page on the network, select When the page is out of date.
7. Then click OK to apply the changes and close the dialog box.
Thursday, March 12, 2009
Microsoft Tightens IE 7's Security
This post provide information about Internet Explorer 7 security support . Microsoft has detailed several changes in the way its upcoming Internet Explorer (IE) 7 browser will classify Web sites for security, aiming to reduce the likelihood that users will fall victim to malicious code.
The browser, which will be released separately and also as part of the forthcoming Windows Vista operating system, is expected to ship in 2006, probably before Vista.
Network Admin Options
However, if a machine is running on a domain, IE 7 will automatically detect the intranet sites and revert to the intranet zone settings. Network administrators will be able to set group policies to ensure the browser runs as desired, the engineers wrote.
In Microsoft Windows Vista, the Internet zone will run in what the company calls "protected mode," to help protect against attacks that IE has been victim to in the past. Another feature, ActiveX Opt-In, will reduce potential damage from malicious Active X controls in the Internet zone, the engineers said. Those changes will be reflected in a new security level setting for the Internet zone, "medium high."
The "Trusted sites" zone, which provides a lot of autonomy for specific Web sites selected by the end user, will also change. It will now have a default security setting of "medium," the same as the Internet zone in IE 6. Users will be able to lower the setting if they want to, the engineers wrote.
The browser, which will be released separately and also as part of the forthcoming Windows Vista operating system, is expected to ship in 2006, probably before Vista.
Network Admin Options
However, if a machine is running on a domain, IE 7 will automatically detect the intranet sites and revert to the intranet zone settings. Network administrators will be able to set group policies to ensure the browser runs as desired, the engineers wrote.
In Microsoft Windows Vista, the Internet zone will run in what the company calls "protected mode," to help protect against attacks that IE has been victim to in the past. Another feature, ActiveX Opt-In, will reduce potential damage from malicious Active X controls in the Internet zone, the engineers said. Those changes will be reflected in a new security level setting for the Internet zone, "medium high."
The "Trusted sites" zone, which provides a lot of autonomy for specific Web sites selected by the end user, will also change. It will now have a default security setting of "medium," the same as the Internet zone in IE 6. Users will be able to lower the setting if they want to, the engineers wrote.
Thursday, March 5, 2009
Upgrading to Internet Explorer 8 Release Candidate 1
Just like for previous beta releases, I am going to guide you through the upgrade steps for Internet Explorer 8 Release Candidate 1 (IE8 RC1).
Before we begin, let me summarize the major changes you will see when installing IE8 RC1:
1. If you are a Windows Vista or Windows Server 2008 user and you are upgrading from IE8 Beta 1 or Beta 2 to IE8 RC1, you are no longer required to manually uninstall earlier IE8 builds. Instead, IE8 RC1 installer will automatically upgrade your machine from the earlier IE8 builds to the latest IE8 build, all with a single reboot.
2. There is a new pre-requisite for IE8 RC1 (KB957388). This update supersedes KB943302 and KB957055 and will be automatically installed as part of your RC1 upgrade, as long as you keep “Install the latest updates” checkbox checked. This update addresses known application compatibility issues in Windows Vista and Windows Server 2008 and improves the performance and reliability of IE8.
3. All IE8 Beta 1 and Beta 2 users will be offered IE8 RC1 via Windows Update in 25 languages. For Windows XP and Windows Server 2003, the IE language that gets offered via Windows Update will match the base OS language. For Windows Vista and Windows Server 2008, the IE language that gets offered via Windows Update will match the Active Language that the user selected for their account.
Note: If you are running Windows 7 Beta, you will not be able to install IE8 RC1. You will get an error message saying that your operating system is not supported since IE8 already ships in Win7. The IE8 RC1 available from Microsoft Download Center is a standalone upgrade for downlevel version of the OS only: Windows Vista, Windows XP, Windows Server 2008 and Window Server 2003.
Here are some additional resources you can refer to during the RC1 installation:
* System requirements for RC1 are the same as Beta1 and Beta2.
* Release notes for RC1 outline a few scenarios you should watch out for when installing IE8 RC1.
* Internet Explorer Support for any problems during your installation.
Before we begin, let me summarize the major changes you will see when installing IE8 RC1:
1. If you are a Windows Vista or Windows Server 2008 user and you are upgrading from IE8 Beta 1 or Beta 2 to IE8 RC1, you are no longer required to manually uninstall earlier IE8 builds. Instead, IE8 RC1 installer will automatically upgrade your machine from the earlier IE8 builds to the latest IE8 build, all with a single reboot.
2. There is a new pre-requisite for IE8 RC1 (KB957388). This update supersedes KB943302 and KB957055 and will be automatically installed as part of your RC1 upgrade, as long as you keep “Install the latest updates” checkbox checked. This update addresses known application compatibility issues in Windows Vista and Windows Server 2008 and improves the performance and reliability of IE8.
3. All IE8 Beta 1 and Beta 2 users will be offered IE8 RC1 via Windows Update in 25 languages. For Windows XP and Windows Server 2003, the IE language that gets offered via Windows Update will match the base OS language. For Windows Vista and Windows Server 2008, the IE language that gets offered via Windows Update will match the Active Language that the user selected for their account.
Note: If you are running Windows 7 Beta, you will not be able to install IE8 RC1. You will get an error message saying that your operating system is not supported since IE8 already ships in Win7. The IE8 RC1 available from Microsoft Download Center is a standalone upgrade for downlevel version of the OS only: Windows Vista, Windows XP, Windows Server 2008 and Window Server 2003.
Here are some additional resources you can refer to during the RC1 installation:
* System requirements for RC1 are the same as Beta1 and Beta2.
* Release notes for RC1 outline a few scenarios you should watch out for when installing IE8 RC1.
* Internet Explorer Support for any problems during your installation.
