Browser Security News

Mozilla Corporation has pushed back the release of the third, and possibly final, beta for Firefox 3.1 by a week to allow the firm to fix some bugs in the upcoming version of its open source browser.

A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer.

A recent string of high-profile ActiveX vulnerabilities caused the U.S. Computer Emergency Readiness Team (US-CERT) to advise users to disable the ubiquitous Microsoft browser plug-in technology altogether. The vectors for these recent exploits include a third-party image uploading tool used on both the Facebook and MySpace social networking sites, and flaws found in Yahoo’s Music [...]

Mozilla has issued a fix for a bug found in an update issued earlier this week. Officials at Mozilla said they have released an update to fix a flaw in the recently released 2.0.0.10 version of their Firefox browser. It is the first time ever Mozilla has released two versions of the open-source browser in [...]

Mozilla Corporation wants to get the security community involved in ironing out possible bugs with the next version of Firefox at an earlier stage. Instead of pointing out security bugs once Firefox 3.0 gets released, Mozilla wants security vendors involved while the software in still a work in progress. Window Snyder, the "chief security something" [...]

Mozilla Corp. is changing the way it publishes security fixes for its Firefox browser. Over the next day, the open-source company plans to begin delivering bug fixes to a select group of beta testers who will try out the upcoming Firefox 2.0.0.3 version before it is released to all Firefox users.

Is a flaw in the Firefox browser fixed or not? A security research claims that it’s not. Mozilla says it is. Last November security researcher Robert Chapin discovered a zero day flaw in Mozilla Firefox’s password manager. The flaw could potentially allow a maliciously crafted page to auto-fill a form with credentials intended for another [...]

A vulnerability fixed in Firefox 2.0.0.2 and Thunderbird is, according to security specialist Stefan Esser, still present in Internet Explorer 7 and Opera 9. The vendors were informed of the problem last year; however according to Esser, Opera has not reacted to the bug report at all.

Microsoft has another IE vulnerability on its hands. But is it a flaw, or is it a feature? IE’s been having a miserable time of late, starring in scads of headlines about security flaws. Most recently came last week’s monthly security bulletin, a package of fixes for 20 individual problems in Microsoft products. Included in [...]

Mozilla Corp. will delay the next security update for Firefox so it can test a fix for a flaw that could be used by attackers by skirt security restrictions. The flaw, disclosed Feb. 14 by Polish researcher Michal Zalewski on the Full-Disclosure security mailing list, could let a malicious site manipulate the authentication cookies for [...]