No SSL BEAST Fix for Firefox 7

Mozilla is patching it’s Firefox Web browser for at least 10 vulnerabilities, seven of which are rated as being “critical.” Firefox 7 was released on Tuesday offering users the promised of improved perfomance and better memory usage.

On the security front, the Firefox 7 release provides a critical fix for what Mozilla describes as, “Miscellaneous memory safety hazards.”

“Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products,” Mozilla stated in its advisory. “Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

There is also a critical fix for an interesting flaw that could have been triggered by having a user hold down the ‘Enter’ key. By holding down the key, code could potentially be installed without a user’s knowledge.


Read the full story at eSecurityPlanet:
Firefox 7 Updates for Security, not SSL

News Around the Web